Bug Bounties

Skinport

Powered by: 

Allows bounty splitting: 

Average time to first program response: 5

Average time to bounty awarded null: 20

Average time to report resolved: 

Handle skinport

Managed program: true

Name: Skinport

Offers bounties: true

Offers swag: false

Response efficiency percentage: 100

Submission state: open

Url: https://hackerone.com/skinport

Website: https://skinport.com

In scope:

  • Asset identifier: api.skinport.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Public REST API - Docs: https://docs.skinport.com
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: app.skinport.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Backend: [app.skinport.com](app.skinport.com) **Important Note:** Alias of skinport.com/api/ (to app.skinport.com/api/)
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: skinport.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: skinport.com (without subdomains, e.g. screenshot.skinport.com, float.skinport.com and so on) Frontend: [skinport.com](https://skinport.com) **Important Note:** - skinport.com/api/ (redirected to app.skinport.com/api/) submissions, please use app.skinport.com scope! - skinport.com/support: If you are to test anything related to typing in the support ticket, please, send following message before that. `Hello. I'm a pentester from HackerOne. I'm going to test something in support ticket. Your developers are aware of that.`
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: skinport.com/blog/
  • Asset type: URL
  • Availability requirement: none
  • Confidentiality requirement: low
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: low
  • Max severity: medium