Bug Bounties

Cornershop

Powered by: 

Allows bounty splitting: 

Average time to first program response: 2

Average time to bounty awarded: 366

Average time to report resolved: 841

Handle: cornershop

Managed program: true

Name: Cornershop

Offers bounties: true

Offers swag: false

Response efficiency percentage: 100

Submission state: open

Url: https://hackerone.com/cornershop

Website: http://cornershopapp.com

In scope:

  • Asset identifier: *.cornershop.io/*
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This is where our internal assets reside. Bruteforce attacks on login forms are not in the scope.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: *.cornershopapp.com/*
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: If the same vulnerability is found on both the Production Environment and the QA Environment, only one bounty will be awarded.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: *.superpal.com/*
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This is our QA environment. If the same vulnerability is found on both the Production Environment and the QA Environment, only one bounty will be awarded.
  • Integrity requirements: low
  • Max severity: critical



  • Asset identifier: *.superpal.io/*
  • Asset type: URL
  • Availability requirement: none
  • Confidentiality requirement: low
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This is where our QA internal assets reside. Bruteforce attacks on login forms are not in the scope. If the same vulnerability is found on both the Production Environment and the QA Environment, only one bounty will be awarded.
  • Integrity requirements: low
  • Max severity: medium



  • Asset identifier: cornershopapp.android
  • Asset type: GOOGLE_PLAY_APP_ID
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Download the app here: https://play.google.com/store/apps/details?id=com.cornershopapp.android
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: github.com/cornershop/*
  • Asset type: SOURCE_CODE
  • Availability requirement: none
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This is our internal/external code repository. Code repositories outside this domain are not in scope, but will be analyzed on a case-by-case basis (i.e., candidates' personal repositories with cornershop tests are *not* in scope, but public forks from private repositories are in scope). *Public repositories in cornershop github organization that are forked from 3rd parties are NOT eligible for bounties.*
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: io.cornershop.ios
  • Asset type: APPLE_STORE_APP_ID
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Download the app here: https://apps.apple.com/us/app/cornershop/id995060131
  • Integrity requirements: 
  • Max severity: critical