Bug Bounty Program

Requirements

• The bug must not have been previously reported

• You must not have created the buggy code or are in anyway involved in the creation of it

• The bug must be exploitable one of the Mobile Nations properties listed in the eligible domains section

Eligible Vulnerability Types

• Unauthenticated remote execution of arbitrary PHP code: US$500

• Unauthenticated remote malicious file inclusion: US$500

• Unauthenticated SQL injection that can modify the database: US$500

• Unauthenticated login to an account: US$500

• Unauthenticated persistent cross-site scripting (XSS): US$250

• Unauthenticated arbitrary file viewing that exposes configuration file contents: US$250

• Unauthenticated information disclosure that exposes website backup files: US$250

ELIGIBLE Domains

• passport.mobilenations.com
• crackberry.com
• www.androidcentral.com
• www.imore.com
• www.connectedly.com
• www.teslacentral.com
• www.vrheads.com
• www.webosnation.com
• forums.crackberry.com
• forums.imore.com
• forums.androidcentral.com
• forums.connectedly.com
• forums.teslacentral.com
• forums.vrheads.com
• forums.webosnation.com

Process

To receive the bounty you need to be the first to report the vulnerability to us via email [email protected] with full details of the vulnerability**.  The bounty will be paid as soon as we have confirmed that the vulnerability exists. The bounty will be paid via PayPal. The bounty can also be donated to a charity of your choice.

** Only one bounty is rewarded per vulnerability (even if it occurs on multiple domains).  Eg.  If the same vulnerability is exploitable on www.imore.com and www.vrhead.com, it is considered one vulnerability.

Rewarded Bounties

TBA