Program

Kinza

¥

P

Total Reports 9

Total Valid Reports 5

  • Program
    Kinza
    Report Submission Period
    2016/08/17 〜 2016/09/30
    Bounty Range
    ¥5,000¥100,000
    Rules
    Only test for vulnerabilities on application stipulated in scope section. Any vulnerabilities reported on applications out-of-scope are not eligible for bounty rewards.

    ***************************************************************
    This program is targeted purely on unique features of Kinza web browser.
    Vulnerabilities in Chromium are out-of-scope.



    Test against server that connect web browser are explicitly excluded from this program.
    ***************************************************************

    Any violation on the Terms of Service of the “BugBounty.jp” and/or performance of DoS (Denial of Service) attack or equivalent act that can degrade the performance of our service are also explicitly prohibited.
    Scope
    Kinza web browser Ver. 3.3.0


    ・Japanease

     https://www.kinza.jp/download/

    ・English

     https://www.kinza.jp/en/download/

    

※ Test against server that connect web browser are explicitly excluded from this program.

    Eligible For Bounty
    The following vulnerabilities are eligible to receive bounty reward.

    (1) Remote Code Execution
    (2) Universal Cross-Site Scripting (UXSS)
    (3) Cross-Origin bypass
    (4) Browser Crash
    (5) Other

    The following guidelines the bounty amount for in-scope vulnerabilities.
    Please note that reward amounts may vary depending on the severity of the vulnerability reported.

    (1) ¥100,000       Remote Code Execution
    (2) ¥50,000        Universal Cross-Site Scripting (UXSS)
    (3) ¥50,000        Cross-Origin bypass
    (4) ¥5,000        Browser Crash
    (5) ¥5,000 - ¥100,000  Other
    Not Eligible For Bounty
    Reports related to the following issues are out-of-scope for this program.

    (1) Vulnerabilities found through automated scans or tools
    (2) Hypothetical or theoretical vulnerabilities without actual verification code
    (3) Vulnerabilities resulting from Chromium (Please report issue to Chromium*)

    * https://bugs.chromium.org/p/chromium/issues/list
    Notes
    For eligibility details, please refer to the "Terms of Service Article 4" of this site.
    • paid for Private 's report
      granted for Private 's report
      2016/10/04 13:30

    • paid for mage 's report
      granted for mage 's report
      2016/08/24 16:41

    • paid for mage 's report
      granted for mage 's report
      2016/08/24 16:39

    • paid for mage 's report
      granted for mage 's report
      2016/08/24 16:34

    • paid for shhnjk 's report
      granted for shhnjk 's report
      2016/08/24 12:59