BugPoC

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.bugpoc.com URL critical
*.bugpoc.ninja URL critical
IMPORTANT! Please read the "Out of scope vulnerabilities" section before testing this domain.This domain is considered untrustworthy and most bugs affecting this domain are false-positives.
calc.buggywebsite.com URL critical
**LIMITED TIME ONLY XSS CHALLENGE!** - [http://calc.buggywebsite.com](http://calc.buggywebsite.com) *08/07 - 08/11* Ways to Win: 1. **$500** to 1st valid submission 1. **$400** to 2nd valid submission 1. **$300** to 3rd valid submission 1. **$200** to best blog write-up *(submit via Twitter on 08/12)* 1. **$100** to 6 raffle winners *(randomly chosen on 08/12)* Rules: 1. You must pop an `alert(domain)` showing `calc.buggywebsite.com` 1. You must **bypass CSP** 1. It must be reproducible using the latest version of *Chrome* 1. You must provide a working proof-of-concept on [bugpoc.com](https://bugpoc.com) FAQ: **Q: Can I publicly talk about this challenge?** *A: Yes! But please do not disclose your solution until 08/12* **Q: Can I get a hint?** *A: Yes! Follow @bugpoc_official on Twitter for hints* **Q: How do I enter the raffle?** *A: All valid solutions submitted before 08/12 will automatically be entered into the raffle* **Q: How to I submit my blog write-up** *A: Mention @bugpoc_official on Twitter on 08/12 with a link*

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.buggywebsite.com URL none