{"id":8244,"date":"2022-04-04T17:42:29","date_gmt":"2022-04-04T15:42:29","guid":{"rendered":"https:\/\/leocare.eu\/?page_id=8244"},"modified":"2025-01-07T10:06:07","modified_gmt":"2025-01-07T09:06:07","slug":"bug-bounty","status":"publish","type":"page","link":"https:\/\/leocare.eu\/fr\/bug-bounty\/","title":{"rendered":"Leocare Bug Bounty"},"content":{"rendered":"\n

Scope<\/h2>\n\n\n\n

leocare.eu
app.leocare.eu
api.leocare.eu
leocare.eu
dash.leocare.fr<\/p>\n\n\n\n

Responsible behavior & disclosure<\/h2>\n\n\n\n

Responsible disclosure only<\/strong><\/p>\n\n\n\n

Never publish any user data, do not publish the details of the vulnerability before it has been patched<\/p>\n\n\n\n

Responsible behavior only<\/strong><\/p>\n\n\n\n

If you gain write access, do not modify or delete other users\u2019 data, use accounts you created for this purpose ; similarly, if you gain read access, do not dump the whole dataset, two entries that you created are enough.<\/p>\n\n\n\n

Do not perform any of the following operations<\/h3>\n\n\n\n
    \n
  • exploit any vulnerability (including 1-day and 0-day)<\/li>\n\n\n\n
  • steal other customer data<\/li>\n\n\n\n
  • delete customer data<\/li>\n\n\n\n
  • Phishing<\/li>\n\n\n\n
  • DDOS<\/li>\n<\/ul>\n\n\n\n

    Vulnerability types<\/h2>\n\n\n\n

    In-Scope<\/h3>\n\n\n\n
      \n
    • Type-1 & Type-0 XSS on modern browsers<\/li>\n\n\n\n
    • Type-2 XSS<\/li>\n\n\n\n
    • SQL injection<\/li>\n\n\n\n
    • shell command injection<\/li>\n\n\n\n
    • memory corruption<\/li>\n\n\n\n
    • disclosure of sensitive information<\/li>\n\n\n\n
    • Code Execution at server side: BOF, IOF, IUF, UAF, Race Condition in our applications
      Web Command Injection: Shell Injection, XSS, SQL Injection, PHP injection, XXE, SSRF \u2026
      path traversal, LFI, RFI, open redirect (assuming it leaks customer data),
      authentication or authorization flaw, or significant infoleak of customer data<\/li>\n<\/ul>\n\n\n\n

      Out-Of-Scope<\/h3>\n\n\n\n
        \n
      • missing header (except if proven way to gain additional priviledge on your OWN account)<\/li>\n\n\n\n
      • DKIM, DMARC<\/li>\n\n\n\n
      • Phishing<\/li>\n\n\n\n
      • version disclosure<\/li>\n\n\n\n
      • DDOS<\/li>\n\n\n\n
      • Spam<\/li>\n\n\n\n
      • Phishing<\/li>\n\n\n\n
      • logout CSRF<\/li>\n\n\n\n
      • ClickJacking<\/li>\n\n\n\n
      • Directory Listing (unless you get server interpreted source code),<\/li>\n\n\n\n
      • CSRF (unless affects the confidentiality or the availability of the user data)<\/li>\n\n\n\n
      • Session Fixation<\/li>\n\n\n\n
      • Missing Content-Type header unless you can upload a file<\/li>\n\n\n\n
      • Cookie set without secure flag<\/li>\n\n\n\n
      • no HSTS flag<\/li>\n\n\n\n
      • Cache settings (unless you get code execution or privilege escalation or significant infoleak)<\/li>\n\n\n\n
      • Path\/Exception disclosure<\/li>\n\n\n\n
      • Password auto-complete in Browser<\/li>\n\n\n\n
      • password policy<\/li>\n<\/ul>\n\n\n\n

        If you uncover a vulnerability that is out of scope, we will still consider it and at our discretion may still attribute a reward depending on our risk assessment.<\/p>\n\n\n\n

        Similarly, we may extend assets and categories.<\/p>\n\n\n\n

        Do not hesitate to contact us in all cases.<\/p>\n\n\n\n

        \n \n
        \n
        \"Warning\"Warning : Bug bounty is on hold<\/div>\n \n

        The bug bounty program is currently in pause for rework and will be re-opened as soon as possible<\/p>\n <\/span>\n <\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

        Scope leocare.euapp.leocare.euapi.leocare.euleocare.eudash.leocare.fr Responsible behavior & disclosure Responsible disclosure only Never publish any user data, do not publish the details of the vulnerability before it has been patched Responsible behavior only If you gain write access, do not modify or delete other users\u2019 data, use accounts you created for this purpose ; similarly, if you gain read […]<\/p>\n","protected":false},"author":34,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template_bug_bounty.php","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-8244","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"\nLeocare Bug Bounty<\/title>\n<meta name=\"description\" content=\"Participez \u00e0 notre programme Bug Bounty et aidez-nous \u00e0 am\u00e9liorer la s\u00e9curit\u00e9 de nos services. R\u00e9compenses \u00e0 la cl\u00e9.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/leocare.eu\/fr\/bug-bounty\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Leocare Bug Bounty\" \/>\n<meta property=\"og:description\" content=\"Participez \u00e0 notre programme Bug Bounty et aidez-nous \u00e0 am\u00e9liorer la s\u00e9curit\u00e9 de nos services. R\u00e9compenses \u00e0 la cl\u00e9.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/leocare.eu\/fr\/bug-bounty\/\" \/>\n<meta property=\"og:site_name\" content=\"Leocare, assurance en ligne automobile et habitation\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-07T09:06:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/leocare.eu\/fr\/wp-content\/uploads\/2022\/11\/icone-alert.svg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Leocare Bug Bounty","description":"Participez \u00e0 notre programme Bug Bounty et aidez-nous \u00e0 am\u00e9liorer la s\u00e9curit\u00e9 de nos services. R\u00e9compenses \u00e0 la cl\u00e9.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/leocare.eu\/fr\/bug-bounty\/","og_locale":"fr_FR","og_type":"article","og_title":"Leocare Bug Bounty","og_description":"Participez \u00e0 notre programme Bug Bounty et aidez-nous \u00e0 am\u00e9liorer la s\u00e9curit\u00e9 de nos services. R\u00e9compenses \u00e0 la cl\u00e9.","og_url":"https:\/\/leocare.eu\/fr\/bug-bounty\/","og_site_name":"Leocare, assurance en ligne automobile et habitation","article_modified_time":"2025-01-07T09:06:07+00:00","og_image":[{"url":"https:\/\/leocare.eu\/fr\/wp-content\/uploads\/2022\/11\/icone-alert.svg","type":"","width":"","height":""}],"twitter_card":"summary_large_image","twitter_misc":{"Dur\u00e9e de lecture estim\u00e9e":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/leocare.eu\/fr\/bug-bounty\/","url":"https:\/\/leocare.eu\/fr\/bug-bounty\/","name":"Leocare Bug Bounty","isPartOf":{"@id":"https:\/\/leocare.eu\/fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/leocare.eu\/fr\/bug-bounty\/#primaryimage"},"image":{"@id":"https:\/\/leocare.eu\/fr\/bug-bounty\/#primaryimage"},"thumbnailUrl":"https:\/\/leocare.eu\/fr\/wp-content\/uploads\/2022\/11\/icone-alert.svg","datePublished":"2022-04-04T15:42:29+00:00","dateModified":"2025-01-07T09:06:07+00:00","description":"Participez \u00e0 notre programme Bug Bounty et aidez-nous \u00e0 am\u00e9liorer la s\u00e9curit\u00e9 de nos services. R\u00e9compenses \u00e0 la cl\u00e9.","breadcrumb":{"@id":"https:\/\/leocare.eu\/fr\/bug-bounty\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/leocare.eu\/fr\/bug-bounty\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/leocare.eu\/fr\/bug-bounty\/#primaryimage","url":"https:\/\/leocare.eu\/fr\/wp-content\/uploads\/2022\/11\/icone-alert.svg","contentUrl":"https:\/\/leocare.eu\/fr\/wp-content\/uploads\/2022\/11\/icone-alert.svg","caption":"Warning"},{"@type":"WebSite","@id":"https:\/\/leocare.eu\/fr\/#website","url":"https:\/\/leocare.eu\/fr\/","name":"Leocare, assurance en ligne automobile et habitation","description":"enfin (r)assur\u00e9.e","publisher":{"@id":"https:\/\/leocare.eu\/fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/leocare.eu\/fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/leocare.eu\/fr\/#organization","name":"Leocare, assurance en ligne automobile et habitation","url":"https:\/\/leocare.eu\/fr\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/leocare.eu\/fr\/#\/schema\/logo\/image\/","url":"https:\/\/leocare.eu\/fr\/wp-content\/uploads\/2020\/03\/logo-leocare.svg","contentUrl":"https:\/\/leocare.eu\/fr\/wp-content\/uploads\/2020\/03\/logo-leocare.svg","caption":"Leocare, assurance en ligne automobile et habitation"},"image":{"@id":"https:\/\/leocare.eu\/fr\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/leocare.eu\/fr\/wp-json\/wp\/v2\/pages\/8244","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/leocare.eu\/fr\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/leocare.eu\/fr\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/leocare.eu\/fr\/wp-json\/wp\/v2\/users\/34"}],"replies":[{"embeddable":true,"href":"https:\/\/leocare.eu\/fr\/wp-json\/wp\/v2\/comments?post=8244"}],"version-history":[{"count":44,"href":"https:\/\/leocare.eu\/fr\/wp-json\/wp\/v2\/pages\/8244\/revisions"}],"predecessor-version":[{"id":25834,"href":"https:\/\/leocare.eu\/fr\/wp-json\/wp\/v2\/pages\/8244\/revisions\/25834"}],"wp:attachment":[{"href":"https:\/\/leocare.eu\/fr\/wp-json\/wp\/v2\/media?parent=8244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}