Mamba Bug Bounty Program
Mamba invites you to participate in the program Wamba Bug Bounty, whose goal is to search for possible vulnerabilities of our service. We pay a reward for every vulnerability discovered, the existence of which was confirmed by our specialists. By now we have paid more than $35000.We will confirm receipt of your message.
Reward amountWe devide our services to critical and other services.
Critical services include user authorization, the user's personal data storage system, and payment systems.
- Injections of the program code and SQL statements - $3000.;
- Crossite Scripting (XSS) - $300.;
- Cross-site forgery of requests (CSRF) - $300.;
- Vulnerabilities in session management - $150.;
- Injections of the program code and SQL statements - $1000.;
- Crossite Scripting (XSS) - $150.;
- Cross-site forgery of requests (CSRF) - $150.;
- Vulnerabilities in session management - $100.;
Payment to the residents of the RF is processed via WebMoney or Paypal.
Please mind that a reward is only paid to the person who was the first to report the problem.
The principles of responsible disclosingWe are expecting following the principles of responsible disclosing from the people who have taken up searching vulnerabilities on Wamba service.
That means that a person who found a vulnerability and reported it via the form must not disclose the information about the vulnerability to third parties until it is fixed.
A participant of vulnerability search program can not disclose in any way the information to which he/she got access as a result of the researches. We refer here users' personal details and other details which can interfere with the work of Wamba service.