BugBounty.jp - バグバウンティ・プラットフォーム

Total Reports：773
Total Valid Reports：96

Opened

Chatwork

Program

Chatwork
chat application

Program Logo

Period

2021/01/01 〜 2022/12/31

Bounty Range

¥1,000 ～ ¥100,000

Rules

Only test for vulnerabilities on application stipulated in scope section. Any vulnerabilities reported on applications out-of-scope are not eligible for bounty rewards.

**************************************
This is a production environment. Do not create account more than necessary to perform tests, and please delete your account as soon as you finished your tests.
Please note that you should only perform tests against account you created, never other users account.
To be eligible for a bounty reward under this program you must to follow the rules stipulated above.
**************************************

Any vulnerability test against domains out-of-scope are explicitly prohibited.

Any violation on the Terms of Service of the “BugBounty.jp” and/or performance of DoS (Denial of Service) attack or equivalent act that can degrade the performance of our service are also explicitly prohibited.

Scope

Web application

Name

Chatwork アプリケーション

URL

https://www.chatwork.com/
https://go.chatwork.com/

Domain

www.chatwork.com
go.chatwork.com
appdata.chatwork.com
assets.chatwork.com
front.chatwork.com
recruit.chatwork.com

iOS application

Name

Chatwork

URL

https://itunes.apple.com/jp/app/id463672966

Domain

www.chatwork.com

Android application

Name

Chatwork

URL

https://play.google.com/store/apps/details?id=jp.ecstudio.chatworkandroid

Domain

www.chatwork.com

Eligible For Bounty: Command Injection　up to 100,000yen
Remote Code Execution　up to 100,000yen
SQL Injection　up to 100,000yen
Cross-Site Scripting　up to 75,000yen
Authentication　up to 50,000yen
Server-Side Request Forgery (SSRF)　up to 47,000yen
other　up to 30,000yen
Cross-Site Request Forgery (CSRF)　up to 20,000yen
Path Traversal　up to 13,000yen
Privilege Escalation　up to 11,000yen
HTTP Response Splitting　up to 11,000yen
Forced Browsing　up to 11,000yen
Cleartext Transmission of Sensitive Information　up to 11,000yen
Information Disclosure　up to 5,000yen
Open Redirect　up to 5,000yen
Session Fixation　up to 5,000yen
Not Eligible For Bounty: Self XSS
Issues found through automated testing
Report without POC
Open Redirect with host header
Misconfiguration of SPF record, DMARC and DKIM
CSRF on logout
API Rate Limiting
Lack of autocomplete attribute on password form(s)
Notes: For eligibility details, please refer to the "Terms of Service Article 4" of this site.

Report Bug

Bounty Reward History

2022/03/08 09:11

¥50,000 (50 pts) was paid for strikersatya 's report
2022/02/24 11:41

¥10,000 (10 pts) was paid for Private 's report
2022/02/09 16:26

¥10,000 (10 pts) was paid for 39ff 's report
2022/02/02 16:35

¥50,000 (50 pts) was paid for strikersatya 's report
2022/01/05 16:37

¥5,000 (5 pts) was paid for Phyo Ko 's report
2022/01/05 16:35

¥30,000 (30 pts) was paid for Private 's report
2021/12/22 17:54

¥100,000 (100 pts) was paid for Jiri 's report
2021/12/15 16:03

¥3,000 (3 pts) was paid for Private 's report
2021/12/15 11:43

¥100,000 (100 pts) was paid for Jiri 's report
2021/12/07 11:08

¥30,000 (30 pts) was paid for Private 's report
2021/11/24 17:02

¥1,000 (1 pts) was paid for Private 's report
2021/11/24 17:02

¥5,000 (5 pts) was paid for Private 's report
2021/10/05 11:00

¥50,000 (50 pts) was paid for sheikh rishad 's report
2021/08/05 09:49

¥20,000 (20 pts) was paid for 56 's report
2021/04/22 10:41

¥30,000 (30 pts) was paid for ooooooo_q 's report
2021/03/23 18:00

¥10,000 (10 pts) was paid for Ravindra Kailas Lakhara 's report
2021/03/22 17:27

¥10,000 (10 pts) was paid for apbaby 's report
2021/02/18 12:05

¥50,000 (50 pts) was paid for saugatpk5 's report
2021/01/19 09:28

¥10,000 (10 pts) was paid for tripoloski 's report
2020/12/02 13:01

¥40,000 (40 pts) was paid for Private 's report
2020/12/02 13:00

¥40,000 (40 pts) was paid for Private 's report
2020/11/09 11:07

¥3,000 (3 pts) was paid for 8ayac 's report
2020/09/24 09:18

¥30,000 (30 pts) was paid for 56 's report
2020/09/24 09:14

¥5,000 (5 pts) was paid for 56 's report
2020/08/28 16:14

¥5,000 (5 pts) was paid for Private 's report
2020/07/27 16:12

¥3,000 (3 pts) was paid for Private 's report
2020/07/20 15:12

¥50,000 (50 pts) was paid for Todayisnew 's report
2020/06/12 18:54

¥3,000 (3 pts) was paid for Private 's report
2020/06/10 12:05

¥4,000 (4 pts) was paid for apbaby 's report
2020/06/10 12:03

¥4,000 (4 pts) was paid for apbaby 's report
2020/06/04 22:04

¥3,000 (3 pts) was paid for Rizky Magrisya 's report
2020/05/21 08:35

¥5,000 (5 pts) was paid for Private 's report
2020/05/19 14:01

¥1,000 (1 pts) was paid for Private 's report
2020/05/14 08:09

¥30,000 (30 pts) was paid for Private 's report
2020/05/14 07:48

¥20,000 (20 pts) was paid for suvarnesh 's report
2020/02/25 17:47

¥1,000 (1 pts) was paid for Private 's report
2020/01/16 14:11

¥40,000 (40 pts) was paid for Private 's report
2019/12/27 12:23

¥40,000 (40 pts) was paid for Private 's report
2019/11/27 13:38

¥1,000 (1 pts) was paid for Private 's report
2019/11/11 11:08

¥3,000 (3 pts) was paid for Private 's report
2019/10/16 18:10

¥1,000 (1 pts) was paid for Private 's report
2019/10/16 18:01

¥1,000 (1 pts) was paid for Private 's report
2019/10/16 16:03

¥50,000 (50 pts) was paid for Todayisnew 's report
2019/10/04 13:50

¥20,000 (20 pts) was paid for Manish 's report
2019/06/13 14:32

¥50,000 (50 pts) was paid for eissen5c 's report
2019/06/10 14:08

¥10,000 (10 pts) was paid for mineo 's report
2019/06/06 10:04

¥1,000 (1 pts) was paid for talhasaeed226 's report
2019/05/28 10:37

¥1,000 (1 pts) was paid for Private 's report
2019/05/21 19:50

¥20,000 (20 pts) was paid for talhasaeed226 's report
2019/04/15 19:33

¥1,000 (1 pts) was paid for Private 's report
2019/03/22 19:09

¥1,000 (1 pts) was paid for Private 's report
2019/03/04 14:05

¥5,000 (5 pts) was paid for Private 's report
2019/02/20 17:52

¥5,000 (5 pts) was paid for Private 's report
2019/01/10 18:25

¥25,000 (25 pts) was paid for admin 's report
2018/12/19 17:51

¥7,000 (7 pts) was paid for kongwenbin 's report
2018/12/18 18:07

¥5,000 (5 pts) was paid for kongwenbin 's report
2018/11/21 16:56

¥10,000 (10 pts) was paid for kongwenbin 's report
2018/11/21 16:56

¥10,000 (10 pts) was paid for kongwenbin 's report
2018/10/26 17:04

¥1,000 (1 pts) was paid for payloadartist 's report
2018/10/25 18:28

¥1,000 (1 pts) was paid for payloadartist 's report
2018/10/25 18:27

¥50,000 (50 pts) was paid for Todayisnew 's report
2018/10/25 18:25

¥50,000 (50 pts) was paid for Todayisnew 's report
2018/09/28 16:00

¥5,000 (5 pts) was paid for Authprivate 's report
2018/09/05 17:29

¥1,000 (1 pts) was paid for Private 's report
2018/09/03 17:20

¥10,000 (10 pts) was paid for Private 's report
2018/08/31 11:58

¥1,000 (1 pts) was paid for Private 's report
2018/08/31 11:52

¥1,000 (1 pts) was paid for kusano 's report
2018/08/31 11:51

¥1,000 (1 pts) was paid for Private 's report
2018/08/17 11:18

¥50,000 (50 pts) was paid for Manish 's report
2018/07/05 18:47

¥50,000 (50 pts) was paid for Todayisnew 's report
2018/06/18 10:14

¥1,000 (1 pts) was paid for Private 's report
2018/06/12 11:00

¥5,000 (5 pts) was paid for tokoroten 's report
2018/04/10 09:59

¥50,000 (50 pts) was paid for Private 's report
2018/04/06 09:34

¥5,000 (5 pts) was paid for syntax-error 's report
2018/04/02 11:21

¥50,000 (50 pts) was paid for Todayisnew 's report
2018/03/27 14:33

¥50,000 (50 pts) was paid for ooooooo_q 's report
2018/03/16 19:43

¥1,000 (1 pts) was paid for Private 's report
2018/03/12 14:21

¥1,000 (1 pts) was paid for Private 's report
2018/02/19 14:18

¥10,000 (10 pts) was paid for kusano 's report
2018/02/19 12:58

¥20,000 (20 pts) was paid for Private 's report
2018/02/19 11:27

¥50,000 (50 pts) was paid for kongwenbin 's report
2018/02/19 10:20

¥5,000 (5 pts) was paid for Private 's report
2018/02/13 09:07

¥5,000 (5 pts) was paid for Private 's report
2018/02/05 10:07

¥1,000 (1 pts) was paid for ♠ Spade ♠ 's report
2018/01/30 20:15

¥1,000 (1 pts) was paid for zer0 's report