In the past we paid bug bounties for valuable information about vulnerabilities on our products or website.
We haven't put up a website like CURL project here, but we may formalize it more in the future.
To give a few examples for the websites:
- You can read a file you shouldn't see.
- You circumvented the CMS login. Create a new article with your name as proof and contact us.
- You can write a file to our web server, e.g. write a text file with your name and contact us.
- You can execute code own our web server, e.g. run ls -al and show us the output.
- You can run SQL on our database servers.
- Have you be able to crash an app with bad input data? Especially if that could lead to stack corruption and thus execute input data as code.
- Have you found a way, where you can do a SQL injection?
- Have you found a way to circumvent a login or security privilege checking?
- Have you found a way to circumvent our license checks?
Please note that not all crashes are a vulnerabilities, some things got reported before, may be caused by code not from us (open source libraries) and not all vulnerabilities can be exploited.
If you have something, please contact us.