Ed

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
Personal machine HARDWARE high high high critical
http://doesfranshaveashell.com/ URL high high high critical
https://bugbountyguide.com/ URL high high high critical
The source code can be found here: [https://github.com/EdOverflow/bugbountyguide](https://github.com/EdOverflow/bugbountyguide).
https://cryptojourney.com/ URL high high high critical
Cryptojourney is a website for learning the basics of cryptography throughout history.
https://edoverflow.com/ URL high high high critical
This is my personal website. https://edoverflow.com uses https://gitalk.github.io/ to allow readers to comment on posts. The comment section supports [Markdown](https://daringfireball.net/projects/markdown/) and also requires a GitHub secret token to be embedded in the source code. If you are able to trigger XSS or bypass the callback URL in the OAuth flow (currently set to `https://edoverflow.com/`) for that comment section, these would be valid issues and could potentially have a high impact. Please do not spam the comment section with XSS payloads; instead, set up https://gitalk.github.io/ locally and try to inject web script there.
https://edoverflow.keybase.pub/ URL high high high critical
https://git.edoverflow.com/ URL high high high critical
This is a self-hosted GitLab instance. I am mainly interested in reports where you are able to create an account on the platform, I am leaking sensitive information publicly, or my instance is vulnerable to a previously-disclosed vulnerability. If you actually discover a security issue in GitLab itself, please submit it to https://hackerone.com/gitlab.
https://github.com/EdOverflow/* SOURCE_CODE high high high critical
Any GitHub projects created by "EdOverflow" are in scope.
https://github.com/securitytxt/* SOURCE_CODE high high high critical
Any GitHub projects by the "securitytxt" organization are in scope.
https://keybase.pub/edoverflow/ URL high high high critical
The application is **not** in scope, but anything that I upload is in scope.
https://securitytemplate.site/ URL high high high critical
The source code for this project is located here: https://github.com/EdOverflow/security-template.
https://securitytxt.org/ URL high high high critical
The source code for this project can be found here: https://github.com/securitytxt/securitytxt.org
BBAC OTHER high high high critical
https://wewriteyour.report/ URL high high high critical

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
Personal email OTHER none
Please do not report issues concerning my personal email addresses unless the severity is very high.
https://keybase.io/edoverflow URL none
https://twitter.com/edoverflow URL none
Personal machine HARDWARE high high high none
http://doesfranshaveashell.com/ URL high high high none
https://edoverflow.keybase.pub/ URL high high high none
https://keybase.pub/edoverflow/ URL high high high none