BrickFTP

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.brickftp.com URL critical
BrickFTP Web Application -- note that https://brickftp.com/ (with no subdomain) is our marketing site and not part of this asset.
BrickFTP Desktop Application for Windows or Mac DOWNLOADABLE_EXECUTABLES critical
app.brickftp.com URL critical
BrickFTP Web Application
*.files.com URL critical
**Files.com Web Application** **Please review the Out of Scope assets** -- note that not all subdomains of https://*.files.com are in scope for this asset. Please review the listing of assets marked Out of Scope prior to any testing. This list will change so please refer back during all phases of testing. The actual application URL will be created as https://*subdomain*.files.com when you create the trial account using the [BUGBOUNTY] process outlined in the Policy section.
FIles.com REST API OTHER critical
## REST API Full documentation for the REST API can be found here: http://developers.files.com/ The REST API URL is tied to your specific site (https://*sitename*.files.com) that was generated when you created the trial using the [BUGBOUNTY] setup process defined in the Policy section.
Files.com Desktop Application for Windows or Mac DOWNLOADABLE_EXECUTABLES none low none low
Download for desktop application is located here: https://www.files.com/docs/desktop/
app.files.com URL critical
Files.com Web Application
www.files.com URL none low none low
This is the main marketing site for Files.com. On the marketing site asset (https://www.files.com) we are looking for vulnerabilities that lead to a vulnerability on the actual *.files.com platform.
your-assigned-subdomain.files.com URL critical
**Files.com Web Application** **Please review the Out of Scope assets** -- note that not all subdomains of https://*.files.com are in scope for this asset. Please review the listing of assets marked Out of Scope prior to any testing. This list will change so please refer back during all phases of testing. The actual application URL will be created as https://*your-assigned-subdomain*.files.com when you create the trial account using the [BUGBOUNTY] process outlined in the Policy section.
Files.com SDK's OTHER critical
Full documentation for the Files.com SDK’s can be found here: https://developers.files.com/#per-language-sdks

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
www.brickftp.com URL none
The BrickFTP marketing site is out of scope unless a vulnerability there leads to an issue with the main application.
BrickFTP Desktop Application for Windows or Mac DOWNLOADABLE_EXECUTABLES none
https://developers.files.com/ URL none
https://developers.files.com/ is a documentation site and is out of scope for the bounty program.
https://status.files.com/ URL none
https://status.files.com/ is a status site and is out of scope for this bounty program.
mail.files.com URL none
mail.files.com is an old domain and is out of scope for this program
developers.files.com URL none
https://developers.files.com/ is a documentation site and is out of scope for the bounty program.
status.files.com URL none
https://status.files.com/ is a status site hosted by StatusPage and is out of scope for this bounty program.