Mamba Bug Bounty Program

Mamba invites you to participate in the program Mamba Bug Bounty, whose goal is to search for possible vulnerabilities of our service. We pay a reward for every vulnerability discovered, the existence of which was confirmed by our specialists. By now we have paid more than $35000.

Program scope:

Where the vulnerability has been found

Choose the type of vulnerability

Describe the vulnerability

Fill in description

How to reproduce the vulnerability

The field is emply

Your name

The field is emply

Contact email

Incorrect email

Captcha

We will confirm receipt of your message.

Reward amount

We devide our services to critical and other services.
Critical services include user authorization, the user's personal data storage system, and payment systems.

Critical Services:

Injections of the program code and SQL statements - $3000.
Crossite Scripting (XSS) - $300.
Cross-site forgery of requests (CSRF) - $300.
Vulnerabilities in session management - $150.

Other services:

Injections of the program code and SQL statements - $1000.
Crossite Scripting (XSS) - $150.
Cross-site forgery of requests (CSRF) - $150.
Vulnerabilities in session management - $100.

In special cases, the amount of payment for the vulnerability found can be increased.
Please mind that a reward is only paid to the person who was the first to report the problem.

The principles of responsible disclosing

We are expecting following the principles of responsible disclosing from the people who have taken up searching vulnerabilities on Mamba service.
That means that a person who found a vulnerability and reported it via the form must not disclose the information about the vulnerability to third parties until it is fixed.
A participant of vulnerability search program can not disclose in any way the information to which he/she got access as a result of the researches. We refer here users' personal details and other details which can interfere with the work of Mamba service.