Bug Bounties

Ed

Powered by: 

Allows bounty splitting: 

Average time to first program response: 4

Average time to bounty awarded: null

Average time to report resolved: 

Handle: ed

Managed program: false

Name: Ed

Offers bounties: false

Offers swag: true

Response efficiency percentage: 100

Submission state: open

Url: https://hackerone.com/ed

Website: https://edoverflow.com

In scope:

  • Asset identifier: BBAC
  • Asset type: OTHER
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://bugbountyguide.com/
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: The source code can be found here: [https://github.com/EdOverflow/bugbountyguide](https://github.com/EdOverflow/bugbountyguide).
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://edoverflow.com/
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: This is my personal website. https://edoverflow.com uses https://gitalk.github.io/ to allow readers to comment on posts. The comment section supports [Markdown](https://daringfireball.net/projects/markdown/) and also requires a GitHub secret token to be embedded in the source code. If you are able to trigger XSS or bypass the callback URL in the OAuth flow (currently set to `https://edoverflow.com/`) for that comment section, these would be valid issues and could potentially have a high impact. Please do not spam the comment section with XSS payloads; instead, set up https://gitalk.github.io/ locally and try to inject web script there.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://github.com/EdOverflow/*
  • Asset type: SOURCE_CODE
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: Any GitHub projects created by "EdOverflow" are in scope.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://github.com/securitytxt/*
  • Asset type: SOURCE_CODE
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: Any GitHub projects by the "securitytxt" organization are in scope.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://securitytxt.org/
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: The source code for this project can be found here: https://github.com/securitytxt/securitytxt.org
  • Integrity requirements: high
  • Max severity: critical