PlanetHoster

  • $200 – $2,500 per vulnerability
  • Managed by Bugcrowd

Program stats

59 vulnerabilities rewarded

Validation within 4 days
75% of submissions are accepted or rejected within 4 days

$762.50 average payout (last 3 months)

Latest hall of famers

Recently joined this program

Disclosure

Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

PlanetHoster offers premium Web Hosting Solutions: Shared Hosting World Platform, Reseller solution Multi-World and Dedicated Server HybridCloud.

Payment Testing Credit: Each researcher account contains €100 of credit to buy PlanetHoster products for testing. If you run out of testing credit, please email support@bugcrowd.com.


Ratings/Rewards

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

Reward Range

Last updated
Technical severity Reward range
p1 Critical $2,000 - $2,500
p2 Severe $1,250 - $1,750
p3 Moderate $750 - $1,000
p4 Low $200 - $500
P5 submissions do not receive any rewards for this program.

Targets

In scope

Target name Type
www.planethoster.com Website
my.planethoster.com Website
world.planethoster.net Website
api.planethoster.net API

Any domain/property of PlanetHoster not listed in the targets section is out of scope. This includes any/all subdomains not listed above.


Access/Credentials

Each researcher will be given one test account. Please do not change your test email address as this would put you out of compliance with our program. This will be verified during report submission. Please also follow the guide below to obtain credentials.

1.) To request access to the program, first log into your Bugcrowd researcher account.

  • Current Researchers can log in here: https://bugcrowd.com/user/sign_in.
  • New researchers can sign up here: https://bugcrowd.com/user/sign_up.

2.) Once signed in, please email support@bugcrowd.com to request credentials.

  • Please use the subject line '@@@@PlanetHoster Credential Request@@@@'.

3.) Bugcrowd will distribute your access code as quickly as possible.

  • You will be provided unique credentials for PlanetHoster.
  • Please allow 24 business hours (PST) for your access to be granted.

Account Credit

  • The accounts are pre-loaded with €100 of credit to test purchasing and payments on the PlanetHoster platform. You should be supplied with enough credit to fully test the web application, but if you need more credit, please reach out to support@bugcrowd.com with your reason for needing additional credit.

Navigating to world.planethoster.net

Get Your Login Details: Log in to your <my.planethoster.net> account and navigate to My Services and select "WORLD" under Product/Service.
Log Into world.planethoster.net: navigate to <world.planethoster.net> and input your provided credentials.


API

API Documentation & Setup

PlanetHoster API Docs

Whitelist IP for API Access

Once signed into the PlanetHoster web portal, to use the API, please whitelist your IP here: Domain Reseller API - Account Info page (or look under the "Domain API" tab of the PlanetHoster Platform). This will allow you to access and use the PlanetHoster API.


Focus Areas

  • Domain Names, DNS Management, Order form.
  • Access to other users' accounts / information.
  • Information that should not be available.
  • User passwords.
  • World hosting panel.

Out-of-Scope

  • Automated testing on Support channels.

Program rules

This program follows Bugcrowd’s standard disclosure terms.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.