Bug Bounties

SHEIN

Powered by: 

Allows bounty splitting: 

Average time to first program response: 12

Average time to bounty awarded null: 67

Average time to report resolved: 75

Handle shein

Managed program: true

Name: SHEIN

Offers bounties: true

Offers swag: false

Response efficiency percentage: 100

Submission state: open

Url: https://hackerone.com/shein

Website: http://shein.com

In scope:

  • Asset identifier: *.romwe.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: *.romwe. [com | co.in ] .romwe.org 1. **Please note that if the exact same vulnerability is found on different top-level domains listed above (ie: .com, .co.in and .org), please do not submit multiple reports. Any duplicate reports submitted will be treated as such.** 2. Please read the "Important guidelines regarding cross-host vulnerabilities" section of the policy page as the guidelines apply for this asset.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.shein.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: *.shein.[com | in | tw | se | com.hk | com.vn | com.mx | co.uk ] 1. **Please note that if the exact same vulnerability is found on different top-level domains listed above (example: .com, .in, .tw etc), please do not submit multiple reports. Any duplicate reports submitted will be treated as such.** 2. Please read the "Important guidelines regarding cross-host vulnerabilities" section of the policy page as the guidelines apply for this asset.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.sheingsp.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: 1080248000
  • Asset type: APPLE_STORE_APP_ID
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: [ROMWE - Fashion Store](https://apps.apple.com/app/romwe-fashion-store/id1080248000) on the Apple App Store
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: 878577184
  • Asset type: APPLE_STORE_APP_ID
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: [SHEIN-Fashion Shopping Online](https://apps.apple.com/app/shein-fashion-shopping-online/id878577184) on the Apple App Store
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: com.romwe
  • Asset type: GOOGLE_PLAY_APP_ID
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: [ROMWE](https://play.google.com/store/apps/details?id=com.romwe) on the Google Play Store
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: com.zzkko
  • Asset type: GOOGLE_PLAY_APP_ID
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: [SHEIN-Fashion Shopping Online](https://play.google.com/store/apps/details?id=com.zzkko) on the Google Play Store
  • Integrity requirements: 
  • Max severity: critical