Bug Bounties

RATELIMITED

Powered by: 

Allows bounty splitting: 

Average time to first program response: 

Average time to bounty awarded null: 

Average time to report resolved: 

Handle ratelimited

Managed program: false

Name: RATELIMITED

Offers bounties: false

Offers swag: false

Response efficiency percentage: 100

Submission state: open

Url: https://hackerone.com/ratelimited

Website: https://ratelimited.me

In scope:

  • Asset identifier: *.ratelimited.me
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: Any other domain
  • Asset type: OTHER
  • Availability requirement: medium
  • Confidentiality requirement: low
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: These are only *official* RATELIMITED domains, and not user-added.
  • Integrity requirements: low
  • Max severity: high



  • Asset identifier: Custom Webpages for Private Domains
  • Asset type: OTHER
  • Availability requirement: medium
  • Confidentiality requirement: none
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: Vulnerabilities regarding the custom HTML implementation on private domains. This does not include XSS, as the user is meant to be able to add script tags into their own index page.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: api.ratelimited.me
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: This is the RATELIMITED API, used for file uploading.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://github.com/gtsatsis/RLAPI-v3-OOP
  • Asset type: SOURCE_CODE
  • Availability requirement: high
  • Confidentiality requirement: none
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: ratelimited.me
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical