Scope items

| Type | Identifier | Severity | Scope/Bounty |
|---|---|---|---|
| Application | https://app.andfrankly.com (and related API subdomains) | Critical | Yes |
| Marketing web | https://www.andfrankly.com | Medium | Only for Critical vulnerabilities |
| Android: Play Store | com.andfrankly.app | Critical | Yes |
| iOS: App Store | 911773424 | Critical | Yes |

Bounty rewards
We only provide rewards for vulnerabilities that were previously unknown to us and that can be proven exploitable. &frankly assesses the vulnerability level at its sole discretion, based on the proof provided.

| Vulnerability | Description | Bounty |
|---|---|---|
| Critical | Verified SQL injection, very severe XSS or similar. Risk of complete data loss or destruction. | $250-500 (or more depending on issue) |
| High | Severe XSS or possibility to circumvent core/critical access control mechanism. Risk of large data loss or destruction, and/or highly privileged access. | $100-250 |
| Medium | Possibility to circumvent non-critical access control mechanism. Low risk of data loss / no possibility of data destruction nor access to sensitive information. | No bounty |
| Low | E.g. disclosure of operating system or system component version, minor bugs/vulnerabilities that risk no personal data and/or only provide limited/non-sensitive access to functionality, or that require social engineering or other non-technical means to exploit fully. | No bounty |

Bounty contact
Please send the details of any vulnerability findings to tech@andfrankly.com and we will assist in validating your finding and confirm if it is eligible for a reward.
We answer all bug bounty requests and try to do so as fast as possible, but a confirmation that your bug has been received and/or an update on your case may, in the worst case, take more than 2-3 weeks. Please do not repeatedly request an update on your case, especially if you have already received a confirmation and/or have just submitted it. We reserve the right to deny a reward for any reported bug where we have received repeated requests for updates and/or requests for updates too close to submission.