BugBounty.jp
Program

Total Reports: 77
Total Valid Reports: 26

Opened

Zaim(iOS/Android)
Reward Type: Bounty Point
Online household account book service
Period: 2019/05/27 〜 2020/05/31
Bounty Range: ¥1,000 〜 ¥132,000
Rules
Only test for vulnerabilities in the applications stipulated in the Scope section. Vulnerabilities reported in out-of-scope applications are not eligible for bounty rewards.

**************************************
This is a production environment. Please note the following:

- Do not create more accounts than necessary to perform your tests, and please delete your account as soon as you have finished testing.
- Repetitive processing with automated tools is prohibited.

To be eligible for a bounty reward under this program you must follow the rules stipulated above.
**************************************

Any vulnerability testing against out-of-scope domains is explicitly prohibited.

Any violation of the “BugBounty.jp” Terms of Service, and/or any DoS (Denial of Service) attack or equivalent act that can degrade the performance of our service, is also explicitly prohibited.

2019/09/27 update
The following domain is out of scope: zaim.net

2019/08/16 update
The following domain is out of scope: zaim.co.jp
Scope
iOS application
Name
Zaim
URL
  • https://itunes.apple.com/jp/app/zaim/id445850671
Domain
  • api.zaim.net
  • auth.zaim.net
Android application
Name
Zaim
URL
  • https://play.google.com/store/apps/details?id=net.zaim.android
Domain
  • api.zaim.net
  • auth.zaim.net
Eligible For Bounty
  • Command Injection up to 132,000yen
  • Remote Code Execution up to 132,000yen
  • Authentication up to 122,000yen
  • SQL Injection up to 114,000yen
  • Cross-Site Request Forgery (CSRF) up to 50,000yen
  • Cross-Site Scripting up to 27,000yen
  • Privilege Escalation up to 27,000yen
  • Forced Browsing up to 27,000yen
  • Open Redirect up to 12,000yen
  • Information Disclosure up to 11,000yen
  • other up to 5,000yen
Not Eligible For Bounty
  • Missing security headers
  • Vulnerabilities found in domains out-of-scope
  • Vulnerabilities affecting outdated browsers or platforms
  • Presence of autocomplete attribute on web forms
  • Missing secure flags on non-sensitive cookies
  • Reports of insecure SSL/TLS ciphers
  • Vulnerabilities with capability of username/email enumeration
  • Descriptive error messages (e.g. Stack traces, application or server errors)
  • Banner disclosure on servers
  • Misconfiguration of SPF record, DMARC and DKIM
  • Invalid HTTP method
  • Vulnerabilities found through automated scans or tools
  • Hypothetical or theoretical vulnerabilities without actual verification code
  • Vulnerabilities with capability of Denial of Service attack
  • Vulnerabilities with capability of brute force against password or tokens
  • Password, email and account policies, such as email id verification, reset link expiration, password complexity
  • Login/Logout CSRF
  • Missing CSRF tokens
  • CSRF on forms that are available to anonymous users (e.g. contact form)
Notes
For eligibility details, please refer to "Terms of Service Article 4" of this site.

Bounty Reward History

  • 2019/10/18 16:45: paid for kazkiti's report (Bounty Point)
  • 2019/10/18 16:45: paid for kazkiti's report (Bounty Point)
  • 2019/10/16 18:55: paid for kazkiti's report (Bounty Point)
  • 2019/10/16 18:53: paid for kazkiti's report (Bounty Point)
  • 2019/10/16 18:53: paid for kazkiti's report (Bounty Point)
  • 2019/10/16 18:53: paid for kazkiti's report (Bounty Point)
  • 2019/10/16 18:51: paid for kazkiti's report (Bounty Point)
  • 2019/10/16 18:25: paid for kazkiti's report (Bounty Point)
  • 2019/10/16 18:17: paid for kazkiti's report (Bounty Point)
  • 2019/10/16 18:14: paid for kazkiti's report (Bounty Point)
  • 2019/10/16 18:08: paid for Private's report (Bounty Point)
  • 2019/10/16 18:06: paid for Private's report (Bounty Point)
  • 2019/08/15 14:35: paid for Nick's report (Bounty Point)
  • 2019/08/09 14:23: paid for Private's report (Bounty Point)
  • 2019/08/09 14:21: paid for Private's report (Bounty Point)
  • 2019/08/09 14:19: paid for Private's report (Bounty Point)
  • 2019/08/09 14:17: paid for Private's report (Bounty Point)
  • 2019/08/09 14:16: paid for Private's report (Bounty Point)
  • 2019/08/09 14:04: paid for Private's report (Bounty Point)
  • 2019/08/09 14:03: paid for Private's report (Bounty Point)
  • 2019/08/09 13:59: paid for Private's report (Bounty Point)
  • 2019/08/09 13:51: paid for mineo's report (Bounty Point)
  • 2019/08/09 13:51: paid for Private's report (Bounty Point)
  • 2019/08/09 13:50: paid for mahajan344's report (Bounty Point)
  • 2019/08/09 13:46: paid for Private's report (Bounty Point)

Zaim Inc.

Available Program: 1
Closed Program: 3
Bounties Range: ¥1,000 〜 ¥132,000
Reward Type: Bounty Point
