Security Rewards > Primary website
Specific exclusions
We are not currently providing rewards for the following types of vulnerabilities:
- Denial of service exploits are not currently included.
Reward amounts
Your cash reward is the largest single value your exploit can be categorized under in the following table. Whatbox customers may ask to receieve their reward as a service credit instead of cash.
| Category | Cash | Service credit |
|---|---|---|
| XSS | 150 USD | 300 USD |
| XSS (bypassing CSP) | 1,500 USD | 3,000 USD |
| CSRF | 300 USD | 600 USD |
| Authentication bypass | 1,500 USD | 3,000 USD |
| SQL Injection | 10,000 USD | 20,000 USD |
| Arbitrary code execution | 4,000 USD | 8,000 USD |
| Arbitrary code execution (with privilege escalation) | 15,000 USD | 30,000 USD |
| Persistent code change | 10,000 USD | 20,000 USD |