YouPorn has launched a bug bounty program, paying security researchers up to US$25,000 for information that could help prevent the free porn website from getting boned. Here’s what you need to know.
YouPorn’s bug bounty program is very similar to the one its sister site, Pornhub, launched last year. Both of the programs are operated through bug bounty provider HackerOne. The minimum payment for bugs found is US$25. Maximum payment is capped at US$25,000.
The kinds of vulnerabilities YouPorn is looking for include:
- Remote Shell / Command Execution
- Remote Code Execution
- SQL Injection (with output)
- Significant Authentication Bypass
- Local File Inclusion
- SQL Injection (blind)
- Insecure Direct Object References
- Server-Side Request Forgery
- Stored Cross-Site Scripting
- Other Cross-Site Scripting
There are terms and conditions. For example, you’re not allowed to use brute-force testing, as that may risk bringing down services on YouPorn (uptime is very important here).
You can report YouPorn bugs and find more details on the bug bounty program on the HackerOne portal.