-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.html
54 lines (38 loc) · 3.03 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
Dear CTF Participants,
We are thrilled to kick off the Solidarity Bug Bounty Challenge in partnership with Action Contre la Faim and Hack4Values. This exciting challenge aims to support Action Contre la Faim's mission and empower non-profit organizations worldwide through responsible security testing.
Scope:
In this Bug Bounty Challenge, the following domains are in scope:
*.actioncontrelafaim.org
linkmysupply.com
www.jedej-jedonne.org
https://acf-app.org/
Out of scope:
Please note that the following domains are specifically out of scope for this challenge:
kobo2.actioncontrelafaim.org
enketo.actioncontrelafaim.org
dhis2.actioncontrelafaim.org
Ovide.actioncontrelafaim.org
Ovide-demo.actioncontrelafaim.org
Ovide-test.actioncontrelafaim.org
Rules:
We kindly request that you adhere to the following rules during the Bug Bounty Challenge:
Please follow the best practices of responsible disclosure.
Social engineering is strictly prohibited.
Any activities that may cause Denial-of-Service (DoS/DDoS) are strictly prohibited.
Scoring and Points Distribution:
To determine your ranking in the challenge, points will be allocated based on the following scale:
Critical: 15 points
High: 8 points
Medium: 3 points
Low: 1 point
Only vulnerabilities demonstrating a direct impact will be considered eligible for scoring. The Common Vulnerability Scoring System (CVSS) score will be used as a basis for assessing the severity of vulnerabilities. However, please note that the CVSS score is not perfect, and the triage team will collectively determine the final severity rating. In general, vulnerabilities that have the potential to compromise the confidentiality and/or integrity of ACF users/donors' data will be reevaluated and given higher priority.
Account and Submission Guidelines:
To participate in the Solidarity Bug Bounty Challenge, please follow these steps:
Create an account using the following username pattern: "team-player". For example, if you are playing for the Hack4Values team and your username is "Bask," your username should be "hack4values-bask."
Once your account is created, configure two-factor authentication (2FA), and validate your email address.
Visit our dedicated Vulnerability Disclosure Program (VDP) on the Yogosha platform to submit your vulnerability reports: https://app.yogosha.com/programs/7PM8RmmygTuyqH4C0XKEei
Note that the same account can be used by all members of a team.
We believe that your skills and expertise will make a significant impact during this challenge. By actively participating, you not only contribute to a worthy cause but also have the chance to earn valuable points for the CTF.
Remember, the Solidarity Bug Bounty Challenge will run from Wednesday, May 10th at 8 pm until the night of the CTF on Friday, May 12th at midnight. Don't miss this opportunity to demonstrate your security prowess and be a force for positive change.
If you have any questions or need assistance, please don't hesitate to reach out to us.
Best regards,