Qulture.Rocks

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
https://hackerone.qulture.rocks/ URL high medium high critical
This is an environment specific for hackerone. It has almost the same setup from the production environment, so any vulnerability found here, will probably be affecting both. Get in touch if you need test credentials to login to explore the app. Please do not report issues for our website www.qulture.rocks, only for the app on https://hackerone.qulture.rocks # Login strategy 1. We do not block or limit login attempts with invalid emails; 2. For valid emails, if the password is incorrect, we activate recaptcha after 2 wrong attempts (only in production env); 3. In order to avoid DDoS, valid users are never blocked due to failed login attempts. # Credentials Require the credentials by creating a report with title "Credentials request". We'll reply asap :) After we reply, you should close the report in two days, otherwise, we'll close it as informative. # TLS We are already aware that the environment is not running with the latest TLS* version, and that should stay out of scope. Our production environment is using the latest version. # Contacting us We kindly ask not to send us messages on emails that you may find on our website for issues related to this forum, prefer to send messages via hackerone platform.

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity