Instruction: Grammarly add-on (works with MS Word and Outlook for Windows), where authorized users can check their Word documents or emails. Auto-update functionality can be tested on an [older version](https://download-office.grammarly.com/installer/GrammarlyAddInSetup6.6.110.exe).
Download URL: https://download-office.grammarly.com/latest/GrammarlyAddInSetup.exe
Prerequisites: MS Word/Outlook, .NET Framework 4.5.
Vulnerabilities are eligible for submission if they’re reproducible on **any version of** Word/Outlook on Windows 10 with **all latest security patches applied**. The vulnerability should be tested on a system without additional SDKs and development kits. We cover your expenses on a Word/Outlook license if the report appears to be valid.
Integrity requirements: high
Max severity: critical
Asset identifier: *.grammarly.com
Asset type: URL
Availability requirement:
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements:
Max severity: critical
Asset identifier: *.grammarly.io
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: *.grammarlyaws.com
Asset type: URL
Availability requirement:
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements:
Max severity: critical
Asset identifier: Browser Extensions
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: The extension is available in the extension/add-on store of the respective browser:
* [Chrome](https://chrome.google.com/webstore/detail/grammarly-for-chrome/kbfnbcaeplbcioakkpcpgfkobkghlhen?hl=en)
* [Firefox](https://addons.mozilla.org/en-US/firefox/addon/grammarly-1/)
* [Edge](https://www.microsoft.com/en-us/store/p/grammarly-for-microsoft-edge/9p59wxtbhzzm)
* [Safari](https://safari-extensions.apple.com/details/?id=com.grammarly.spellchecker.extension-W8F64X92K3)
**Browser Extension vulnerabilities will not be distinguished. For example, if a vulnerability exists in the Chrome and Safari extensions, we will consider it the same vulnerability and will only award one bounty.**
Integrity requirements: high
Max severity: critical
Asset identifier: Capture the Flag
Asset type: OTHER
Availability requirement:
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: The first hacker who reports the `$FLAG` saved in the document (`document_id: 1198436185`) of the user `h1_ctf@grammarly.com` (`user_id: 1411519194`) will be awarded a **$100K bounty**.
Instruction: [Download link](https://download-editor.grammarly.com/osx/Grammarly.dmg)
Only **remotely exploitable** issues in Grammarly Editor are eligible for reporting.
Integrity requirements: high
Max severity: critical
Asset identifier: Grammarly Editor for Windows
Asset type: DOWNLOADABLE_EXECUTABLES
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: [Download link](https://download-editor.grammarly.com/windows/GrammarlySetup.exe)
Only **remotely exploitable** issues in Grammarly Editor are eligible for reporting.
Integrity requirements: high
Max severity: critical
Asset identifier: Grammarly for Developers Text Editor SDK
Instruction: Vulnerabilities are eligible for submission if they’re reproducible on any version of Word on an OS with all the latest security patches applied. The vulnerability should be tested on a system without additional SDKs and development kits. We cover your expenses on a Word license if the report appears to be valid.
You can install **Grammarly for Microsoft Word** at https://appsource.microsoft.com/en-us/product/office/WA200001011
Integrity requirements:
Max severity: critical
Asset identifier: com.grammarly.android.keyboard
Asset type: GOOGLE_PLAY_APP_ID
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Vulnerabilities in Grammarly Mobile Keyboard for Android with a working proof of concept may qualify for an additional bounty through the [Google Play Security Rewards Program](https://hackerone.com/googleplay). To see which vulnerabilities may qualify for a bounty, please refer to the Google Play Security Rewards Program’s [Vulnerability Criteria](https://hackerone.com/googleplay).
Integrity requirements: high
Max severity: critical
Asset identifier: com.grammarly.keyboard
Asset type: APPLE_STORE_APP_ID
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: grammarly.ai
Asset type: URL
Availability requirement: none
Confidentiality requirement: none
Eligible for bounty: true
Eligible for submissions: true
Instruction: This service doesn't handle, store or transfer any internal data or data of our users. Additionally, it is located in a separate VPC and isn't part of our infrastructure.
We accept only **critical submissions** (SSRF, XXE, SQLi, RCE) with clearly reproducible **proof-of-concept code**.
_Reports that don't match these criteria will be closed as "N/A"._