Whatbox Logo

Security Policy > Primary website

Reporting discoveries

Rewards payments will be paid exclusively via PayPal. If you cannot accept PayPal, your reward will be forefeit.

security@whatbox.ca

Scope

These rewards apply to whatbox.ca only. No subdomains.

Rewards

Rewards will be sent via PayPal only.

Category Cash Service credit
XSS 0 USD 0 USD
Missing or Incorrect HTTP Headers 0 USD 0 USD
Missing or Incorrect DNS Records 0 USD 0 USD
Weak TLS Ciphers 0 USD 0 USD
SSL Certificate Errors 0 USD 0 USD
CSRF 0 USD 0 USD
Spoofing 0 USD 0 USD
Phishing 0 USD 0 USD
Confusion 0 USD 0 USD
Internal Server Errors 0 USD 0 USD
Denial of Service 0 USD 0 USD
Rate Limits 0 USD 0 USD
Resource Use 0 USD 0 USD
Credential stuffing 0 USD 0 USD
XSS (bypassing CSP) 2,000 USD 8,000 USD
Authentication bypass 2,500 USD 10,000 USD
SQL Injection 15,000 USD 60,000 USD
Remote code execution 10,000 USD 40,000 USD
Unauthenticated file read 10,000 USD 40,000 USD
Unauthenticated file write 15,000 USD 60,000 USD