Bug Bounties

CS Money

Powered by: 

Allows bounty splitting: 

Average time to first program response: 50

Average time to bounty awarded: 121

Average time to report resolved: 

Handle cs_money

Managed program: false

Name: CS Money

Offers bounties: true

Offers swag: false

Response efficiency percentage: 75

Submission state: open

Url: https://hackerone.com/cs_money

Website: https://cs.money

In scope:

  • Asset identifier: 3d.cs.money
  • Asset type: URL
  • Availability requirement: low
  • Confidentiality requirement: none
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: [3D](https://3d.cs.money/) Skin model generator; only potential threats that directly affect main production are to be submitted.
      * User privacy
      * Vulnerabilities directly affecting **cs.money**/**new.cs.money**
  • Integrity requirements: low
  • Max severity: medium



  • Asset identifier: cs.money
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: ==cs.money== (without subdomains, e.g. ==grafana.cs.money==, ==community.cs.money== and so on) [CS.MONEY](https://cs.money/)
      * Anything else, not described in scope, that can affect user experience, security and privacy
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: support.cs.money
  • Asset type: URL
  • Availability requirement: low
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: [Technical support web client.](https://support.cs.money/)
      * Direct access to the client
      * User privacy
      * Vulnerabilities directly affecting **cs.money**/**new.cs.money**

    **Important information:** If you are going to test anything related to typing in the support chat, please send the following message before that: `Hello. I'm a pentester from HackerOne. I'm going to test something in support chat. Your developers are aware of that.`
  • Integrity requirements: low
  • Max severity: critical



  • Asset identifier: wiki.cs.money
  • Asset type: URL
  • Availability requirement: low
  • Confidentiality requirement: none
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: [WIKI.CS.MONEY](https://wiki.cs.money/) contains detailed descriptions and characteristics of all CS:GO skins as well as a unique 3D viewing system.
      * User privacy
      * Vulnerabilities directly affecting **cs.money**/**new.cs.money**
  • Integrity requirements: low
  • Max severity: medium