Whatbox Logo

Security Rewards > Primary website

Specific exclusions

We are not currently providing rewards for the following types of vulnerabilities:

  1. Denial of service exploits are not currently included.

Reward amounts

Your cash reward is the largest single value your exploit can be categorized under in the following table. Whatbox customers may ask to receieve their reward as a service credit instead of cash.

Category Cash Service credit
XSS 150 USD 300 USD
XSS (bypassing CSP) 1,500 USD 3,000 USD
CSRF 300 USD 600 USD
Authentication bypass 1,500 USD 3,000 USD
SQL Injection 10,000 USD 20,000 USD
Arbitrary code execution 4,000 USD 8,000 USD
Arbitrary code execution (with privilege escalation) 15,000 USD 30,000 USD
Persistent code change 10,000 USD 20,000 USD