Outside Bounty-time, contact with committee members will not be tolerated.
Don’t try to exploit any DoS vulnerabilities, social engineering attacks, physical attack or spam !
No Bruteforce allowed
Don't publicly disclose a bug before it has been fixed
We reserve the right to cancel this program at any time and the decision to pay a reward is entirely at our discretion.
Don’t violate any law and stay in the defined scope
You also must not disrupt any service, or compromise personal data
Any failure to comply with these rules will be sanctioned by exclusion of hunter’s submission and even worse...
To join the program, each hunter must create an account through the dashboard and read the rules.
This validation will constitute acceptance of this rules and code of conduct.
Each registrant will receive the title of HZV member for the entire duration of the Nuit Du Hack 2015.
No actual or past employee of QWANT, DENYALL or Yax.it can join the program.
Business: QWANT / DENYALL / Yax.it
Pwnage: Onemore, Nicob
Infrastructure + Business: Free_maN
To qualify for a bounty, you must:
Be the first person to responsibly disclose the bug
Report a bug that could compromise the integrity of user data, circumvent the privacy protections of user data, or enable access to a system within the infrastructure, such as: authentication bypass, XSS/SQL/XML injections, CSRF, SSRF, RCE... (QWANT, Yax.it)
Exploit vulnerable Web Application by bypassing protections (DENYALL)
If the issue you submitted does not reach the severity for a bounty, but we feel that it did in some way point out something useful for us, then we will be happy to reward you a "Bounty"®
Only exploit from the Nuit du Hack IP Address range will be considered valid.
Security bugs in third-party websites that integrate with Qwant or Yax.it.
Denial of Service and bruteforce vulnerabilities
Spam or Social Engineering techniques
We reserve the right to refuse or reward the submission with a bounty or a "Bounty” ®.
Please observe the following rules:
Submit bugs only through dashboard
A Bug Bounty submission must contain an example (unique request or PoC code) and description of the weakness, and provide enough information to analyze the progress of the attack and can be easily replayed, which will simplify the validation of bugs and will impact the amount of the reward.
The validity of each submission and the amount of reward shall be decided by the validation committee at Bounty-Time, as follows: