Whatbox Logo

Security Policy > Shared servers

This page provides scope and reward information for this portion of our bug bounty program, please see the Security policy for general rules if you haven't already.

Scope & Rewards

Endpoint XSS CSRF Auth Flaw Privilege escalation
https://*.whatbox.ca:443/login 250 USD 500 USD 1,500 USD OOS
https://*.whatbox.ca:443/logout 250 USD OOS 1,500 USD OOS
https://*.whatbox.ca:443/labs* 250 USD OOS N/A OOS
https://*.whatbox.ca:443/api* 250 USD OOS N/A OOS
https://*.whatbox.ca:443/filebrowser/ 250 USD OOS N/A OOS
https://*.whatbox.ca:443/private/ 250 USD OOS OOS OOS
sftp://*.whatbox.ca:22 OOS OOS 1,500 USD 4,000 USD
ftpes://*.whatbox.ca:21 OOS OOS 1,500 USD 4,000 USD
ssh://*.whatbox.ca:22 OOS OOS 1,500 USD 4,000 USD

At this time, all other exploit types, and all other endpoints are out of scope.

Please check that you are testing: