Program stats

47 vulnerabilities rewarded

Latest hall of famers

Recently joined this program

937 total


Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public. creates Fair, Fashionable and Fun online prepaid card solutions. This program is managed by the team.


Please read and understand the rules in the Standard Disclosure Terms at

The following are specifically excluded from scope and should not be tested:

  • 3rd party tools used by
  • 3rd party service providers to
  • All shared hosting environment (e.g. networking equipment, firewalls and other equipment) components that are not directly used to host the target URL
  • Physical environment pen-testing such as obtaining access to offices, server rooms, cars, homes, and physical objects (such as USB keys, phones, laptops)
  • Routine Denial of Service or DDOS attacks
  • Server and application banner versions that appear out of date
  • Usernames exposed without requiring dictionary-style guessing
  • Attacks that require man-in-the-middle unless you also have found a way that we are not properly preventing a man-in-the-middle attack
  • Attacks that require the victim to use an unsupported browser (e.g. IE6, IE7, etc.)
  • CSRF vulnerabilities in forms that do not change state server side (e.g. forms that perform searches)
  • Content spoofing via 404 responses on

Note: Our server may indicate a banner (e.g. Apache version X.Y.Z) that seems out of date, but which is not in fact out of date due to the way we manage patches to that software.


This program follows Bugcrowd’s standard disclosure terms.

This program does not offer financial or point-based rewards for Informational (P5) findings. Learn more about Bugcrowd’s VRT.