DarkMatter

  • Points – $1,200 per vulnerability
  • Managed by Bugcrowd

Program stats

1 vulnerability rewarded

Validation within 3 days
75% of submissions are accepted or rejected within 3 days

$300 average payout (last 3 months)

Disclosure

Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

DarkMatter Group is a leading Emirati technology company, focusing significantly on advanced technologies that enable smart and safe digital, including blockchain and cryptography. Since its establishment in 2015, we have developed a portfolio of solutions aimed at enhancing and securing critical infrastructure within the key sectors that underpin society: defense, intelligence, civil government, financial services, transportation, energy, and telecommunications.

Ratings/Rewards

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

Please be aware that injection-type issues that are present on the same form/functionality, but on slightly different parameters, will be treated as a single issue. For instance, if every parameter on /foo is vulnerable to XSS, only the first submission will be rewarded, and all subsequent findings against this form will be considered duplicates.

Reward Range

Technical severity    Reward range
P1 Critical           $1,200 - $1,200
P2 Severe             $800 - $800
P3 Moderate           $300 - $300
P4 submissions are only eligible to receive kudos points. P5 submissions do not receive any rewards for this program.

Targets

In scope

Target name          Type
www.darkmatter.ae    Website
xen1thlabs.com       Website
katim.com            Website

Any domain/property of DarkMatter not listed in the targets section is out of scope. This includes any/all subdomains not listed above.


Target Information:

  • The targets for this program are the production DarkMatter.ae, katim.com, and xen1thlabs.com web apps.
    • Note that this is built on the Umbraco CMS; some particular points of interest include trying to access authenticated content via the API, etc.
  • When testing, please ensure you limit your testing to only non-invasive injections (e.g., when doing command execution, limit yourself to running an ls or id command; for SQL injection, limit yourself to SELECT queries only, with no INSERT, DELETE, etc.). Proving the point is sufficient without having to go 10 layers deep.

Credentials/Access

Testing for this target will be External Only. No credentials will be provided for this assessment.

Out of Scope:

  • Any type of DoS - whether network or app level

Program rules

This program follows Bugcrowd’s standard disclosure terms.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.