find bugs, get rewards
Client mail, phone numbers, or service information
in general access to any conf.
arbitrary code execution
removal, reinstallation and other critical actions with client VPS
any Improper interaction with services and customers
And other ways to identify client conf.
Remote code execution (RCE)
60 000 - 200 000 ₽
Local files access and more.
20 000 - 120 000 ₽
20 000 - 120 000 ₽
IDORs / Disclosure of sensitive information / Memory leaks
3 200 - 73 000 ₽
Non-critical backend bugs
500 - 1 000 ₽
(!) only new errors are paid
Other vulnerabilities found
depends on criticality
Payments are made after the discovery and verification of a vulnerability within two business days.
If you haven't found the answer to your question - write to the chat, we will prompt
The bug bounty program is an initiative that allows interested parties (individuals, security researchers, etc.) to find vulnerabilities in web applications, mobile applications, software and other digital products of a company, providing them with a reward for the security bugs they find.
To participate in our bug bounty program, you must complete the following steps: Read our terms and conditions on the bug bounty page on our website. Study our vulnerability identification system. Send your report on the vulnerability found through our system. Wait for a response from our security team, who will review your report. If your message is found to be reliable and a vulnerability-related change is made, we will pay you a reward in accordance with our program.
The amount of the reward depends on the type and severity of the vulnerability.
Yes, participation in our company's bug bounty program is completely legal and in accordance with international standards.
We strive to respond quickly to every vulnerability report received through our bug bounty program.