Be the first person to responsibly disclose the bug
Report a bug that could compromise the integrity of user data, circumvent the privacy protections of user data, or enable access to a system within the infrastructure, such as: authentication bypass, XSS/SQL/XML injections, CSRF, SSRF, RCE...
If the issue you submitted does not reach the severity for a bounty, but we feel that it did in some way point out something useful for us, then we will be happy to reward you a "Bounty"®
Only exploit from the Nuit du Hack IP Address range will be considered valid.
Security bugs in third-party websites that integrate with program’s scopes.
Denial of Service and bruteforce vulnerabilities
Spam or Social Engineering techniques
We reserve the right to refuse or reward the submission with a bounty or a "Bounty” ®.
Please observe the following rules:
Submit bugs only through Bug Bounty plateform bountyfactory.io
A Bug Bounty submission must contain an example (unique request or PoC code) and description of the weakness, and provide enough information to analyze the progress of the attack and can be easily replayed, which will simplify the validation of bugs and will impact the amount of the reward.
The validity of each submission and the amount of reward shall be decided by the validation committee at Bounty-Time, as follows: