Bug Bounty Program
About Our Program
At Cyber Crime Break (CCB), we value the security of our platform and appreciate the efforts of security researchers in making the internet a safer place. As a non-profit organization, we currently operate a Hall of Fame program to recognize the contributions of security researchers.
Rewards
While we cannot offer monetary rewards at this time, validated bug reports will earn researchers a permanent place in our Hall of Fame. Your contribution will be publicly acknowledged on our platform (with your permission).
Scope
Our bug bounty program currently covers:
- cybercrimebreak.org.in (main website only)
Note: Any other domains or applications are out of scope.
Out of Scope
The following vulnerabilities are considered out of scope:
- Clickjacking with no security impact
- Missing security headers (X-Frame-Options, CSP, etc.)
- Self-XSS requiring user interaction
- Descriptive error messages
- HTTP missing security headers
- Options http method enabled
- Cross-Site Request Forgery (CSRF) on non-sensitive actions
- Username/email enumeration
- Lack of rate limiting on public endpoints
- DNS/Subdomain takeover of unused domains
Note: Reports of these issues will not be eligible for Hall of Fame recognition.
Reporting Guidelines
When submitting a bug report, please include:
- Detailed description of the vulnerability
- Steps to reproduce the issue
- Proof of concept (if applicable)
- Potential impact of the vulnerability
- Your name/handle for Hall of Fame recognition
Hall of Fame Eligibility
To be eligible for our Hall of Fame:
- The bug must be previously unreported
- The report must be clear and detailed
- The vulnerability must be within our scope
- The researcher must follow responsible disclosure practices