Bug Bounty Program

About Our Program

At Cyber Crime Break (CCB), we value the security of our platform and appreciate the efforts of security researchers in making the internet a safer place. As a non-profit organization, we currently operate a Hall of Fame program to recognize the contributions of security researchers.

Rewards

While we cannot offer monetary rewards at this time, validated bug reports will earn researchers a permanent place in our Hall of Fame. Your contribution will be publicly acknowledged on our platform (with your permission).

Scope

Our bug bounty program currently covers:

  • cybercrimebreak.org.in (main website only)
Note: Any other domains or applications are out of scope.

Out of Scope

The following vulnerabilities are considered out of scope:

  • Clickjacking with no security impact
  • Missing security headers (X-Frame-Options, CSP, etc.)
  • Self-XSS requiring user interaction
  • Descriptive error messages
  • HTTP missing security headers
  • Options http method enabled
  • Cross-Site Request Forgery (CSRF) on non-sensitive actions
  • Username/email enumeration
  • Lack of rate limiting on public endpoints
  • DNS/Subdomain takeover of unused domains
Note: Reports of these issues will not be eligible for Hall of Fame recognition.

Reporting Guidelines

When submitting a bug report, please include:

  • Detailed description of the vulnerability
  • Steps to reproduce the issue
  • Proof of concept (if applicable)
  • Potential impact of the vulnerability
  • Your name/handle for Hall of Fame recognition

Hall of Fame Eligibility

To be eligible for our Hall of Fame:

  • The bug must be previously unreported
  • The report must be clear and detailed
  • The vulnerability must be within our scope
  • The researcher must follow responsible disclosure practices

Contact

Submit your bug reports to: cybercrimebreak.mail@gmail.com

Please allow up to 48 hours for initial response.

Last updated: 2024

Back to Home