ooPoll Mobile App Bug Bounty Program

ooPoll Mobile App runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program, subject to the conditions and requirements of ooPoll Mobile App listed below.

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene in the further process of vulnerability remediation and disclosure between ooPoll Mobile App and researchers.

The bug bounty program allows private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

oopoll.com

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect
- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

Introduction:
The ooPoll bug bounty program aims to encourage responsible security research. This program invites security researchers to identify and submit vulnerabilities affecting the ooPoll platform.

Scope:

The bug bounty program covers the following domains/services: https://oopoll.com.
Vulnerabilities in scope include Cross-Site Scripting (XSS), Open Redirect, Cross-Site Request Forgery (CSRF), and Improper Access Control.

Out of Scope:

Denial of Service (DoS) attacks
Spamming
Automated scanning findings without manual verification

Testing Requirements:

Eligibility and Rules:

Participants must not violate any law or disrupt or compromise any data that is not their own.

Employees and affiliates of ooPoll are not eligible to participate.

Vulnerabilities must be disclosed to the ooPoll security team privately. Public disclosure of the vulnerability, before acknowledgment from ooPoll, will render the submission ineligible for a reward.

Submission Guidelines:

Provide a detailed description of the vulnerability, including the affected URL(s).
Include steps to reproduce the vulnerability.
Attach proof of concept.

Legal:

Participants are responsible for complying with all applicable laws.
ooPoll reserves the right to decide if the minimum criteria for a reward are met.

Possible Awards:

Bug Bounty Rewards with ooPoints:

At ooPoll, we value the efforts of security researchers and understand the importance of rewarding their contributions. As a startup, we're leveraging our platform's unique offerings for the rewards.

Here's how it works:

Critical Vulnerabilities: We're open to negotiating a fair cash reward.
High Severity: 90,000 ooPoints
Medium Severity: 45,000 ooPoints
Low Severity: 18,000 ooPoints

Why ooPoints?

ooPoints are our in-app currency, which can be redeemed for a variety of rewards in our ooMall. Here, you can exchange points for gift cards, coupons, and exclusive deals. By contributing to our platform's security, you're not just helping us; you're earning points to spend on rewards you'll love. Remember, we're all about building a secure and rewarding community at ooPoll. Your expertise helps us achieve that, and we’re excited to thank you with rewards that matter.

Special Notes:

By participating, researchers agree to adhere to these terms. ooPoll is committed to working with the security community to find and fix security vulnerabilities.

Other Submissions Handling

The website owner wants to receive information about other vulnerabilities.

Notifications:

[email protected]

General Requirements:

ooPoll Mobile App Bug Bounty Program

Introduction:
The ooPoll Mobile App Bug Bounty Program is designed to encourage the responsible reporting of security vulnerabilities in the ooPoll mobile applications for Android and iOS.

Scope:

In-scope targets include the ooPoll mobile applications on Android and iOS platforms.

Vulnerabilities in scope include, but are not limited to, Cross-Site Scripting (XSS), Open Redirect, Cross-Site Request Forgery (CSRF), and Improper Access Control specific to the mobile environment.

Out of Scope:

Vulnerabilities in third-party applications or services integrated with the ooPoll mobile app.
User interface bugs or typographical errors without a security impact.
Denial of Service attacks against the app or its infrastructure.

Testing Requirements:

Eligibility and Rules:

Participants must not disrupt any service or data and must not violate any law.
Employees and affiliates of ooPoll are ineligible.
Issues must be reported directly and privately to ooPoll.
Public disclosure before ooPoll's acknowledgment will disqualify the submission.

Submission Guidelines:

Submissions must specify the platform (Android/iOS) and app version.
Detailed steps should be provided to reproduce the issue.
Include screenshots, logs, or a video for clarity, if possible.

Legal:

By participating, researchers acknowledge they are responsible for complying with all applicable laws and regulations.
ooPoll can decide the submission reward and deem what constitutes a qualifying vulnerability.

Possible Awards:

Bug Bounty Rewards with ooPoints:

At ooPoll, we value the efforts of security researchers and understand the importance of rewarding their contributions. As a startup, we're leveraging our platform's unique offerings for the rewards.

Here's how it works:

Critical Vulnerabilities: We're open to negotiating a fair cash reward.
High Severity: 90,000 ooPoints
Medium Severity: 45,000 ooPoints
Low Severity: 18,000 ooPoints

Why ooPoints?

ooPoints are our in-app currency, which can be redeemed for a variety of rewards in our ooMall. Here, you can exchange points for gift cards, coupons, and exclusive deals. By contributing to our platform's security, you're not just helping us; you're earning points to spend on rewards you'll love. Remember, we're all about building a secure and rewarding community at ooPoll. Your expertise helps us achieve that, and we’re excited to thank you with rewards that matter.

Special Notes:

Researchers' participation in this program is an agreement to these terms. ooPoll is dedicated to collaborating with the security community to identify and remediate vulnerabilities in our mobile applications.

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time: How quickly researchers get responses to their submissions.
Remediation Time: How quickly reported submissions are fixed.
Cooperation and Respect: How fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.
