Bug Bounties

ALSCO

Powered by: 

Allows bounty splitting: 

Average time to first program response: 12

Average time to bounty awarded: null

Average time to report resolved: 

Handle: alsco

Managed program: false

Name: ALSCO

Offers bounties: true

Offers swag: false

Response efficiency percentage: 100

Submission state: open

Url: https://hackerone.com/alsco

Website: http://alscotoday.com

In scope:

  • Asset identifier: http://checksw.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction:
      1- Check if you can pass the two authentications provided by the Secure Gateway mobile app. Try any possible way to log in without receiving the code, or try to brute-force the code or pass the rate limit.
      2- Check if you can pass the upload prevention system. Try any file extension outside the list (jpg,jpeg,png,gif,jfif,mp4,doc,docx,pdf,xls,xlsx,ppsx,ppt,pptx,flv,rar,zip,htm,html), and the file you uploaded should function in a browser when visiting the file.
      3- Check whether you can pass the Secure Gateway upload detector system, for example upload a '.jpg' file that has the word [php_uname] in the file content (not in the file name).
    Instructions: For 2FA, you need to install the 'Secure Gateway' app on your phone to get a one-time code. The Secure Gateway app can be downloaded by clicking on the link below.
      For Apple devices: https://apps.apple.com/us/app/secure-gateway/id1633721151
      For Android devices: https://play.google.com/store/apps/details?id=com.alscotoday.SecureGateway
    Then contact us to provide you with a test account to log in to the Secure Gateway app.
    Guidelines:
      1- Only a full hack scenario will be accepted, e.g., edit the index page, or download the database.
      2- Uploaded HTML files containing JavaScript are not considered a vulnerability, unless you can change an index page, database or file on our system.
      3- A recorded video must be included with every report submitted.
      4- If you don't follow these guidelines we will not award a bounty for the report.
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: royal.checksw.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Check [Royal CMS] against common injections, including [XSS Injection, SQL Injection, SQLi Injection, OS Injection, Command Injection, URL Injection, Remote Code Execution, and privilege escalation], that could lead to hacking the CMS and changing major files.
    Guidelines:
      1- Only a full hack scenario will be accepted, e.g., edit the index page, or download the database.
      2- Uploaded HTML files containing JavaScript are not considered a vulnerability, unless you can change an index page, database or file on our system.
      3- A recorded video must be included with every report submitted.
      4- If you don't follow these guidelines we will not award a bounty for the report.
  • Integrity requirements: high
  • Max severity: critical