Gist is one of the first products launched by GitHub after GitHub.com. It is a service for sharing snippets of code or other text content. Gist is built on Ruby on Rails and leverages a number of Open Source technologies.
Rewards range from $200 up to $10,000 and are determined at our discretion based on a number of factors, including the severity of the issue and the share of our users it affects. For example, if you find a reflected XSS that is only possible in Opera, and Opera is <2% of our traffic, then the severity and reward will be lower. But a persistent XSS that works in Chrome, at >60% of our traffic, will earn a much larger reward.
You can find the app at https://gist.github.com.
Resources and features within the gist.github.com domain are in scope.
TCP ports 22, 80, 443 and 9418 (SSH, HTTP, HTTPS and the git daemon protocol).
Git services (clone, push and fetch over SSH, HTTPS and the git protocol) are in scope.
| # | Points | Reporter | Report |
| --- | --- | --- | --- |
| 1 | 500 pts | Kamil Hismatullin | Gist archive download content spoofing |
| 2 | 500 pts | Ershad Kunnakkadan | Disclosure of Gist forks turned secret |
| 3 | 400 pts | Alex Suraci | Gists deleted on web were still available via git operations |
| 4 | 2000 pts | José Miguel Parrella | Improper restriction of Gist subdomain routing |
| 5 | 800 pts | BHC | CSRF in Gist abuse reporting |