FlexiSPY — Calling All Hackers And Security Professionals — Earn $100–5000.
Put your technical skills up against our developers and find security flaws that we have created or missed — and get paid for your time.
The scope of this offer is anything that is connected with FlexiSPY web properties or mobile applications including:
We encourage the coordinated disclosure of the following eligible web application vulnerabilities:
- Cross-site scripting
- Cross-site request forgery in a privileged context
- Server-side code execution
- Authentication or authorization flaws
- Injection vulnerabilities
- Directory traversal
- Information disclosure
- Significant security misconfiguration
To receive credit, you must be the first reporter of a vulnerability and provide us a reasonable amount of time to remediate before publicly disclosing. When submitting a vulnerability, please provide concise steps to reproduce that are easily understood.
While we encourage any submission affecting the security of a FlexiSPY web property, the following examples are excluded from this program unless evidence is provided demonstrating exploitability:
- Content spoofing / text injection
- Self-XSS [to be valid, cross-site scripting issues must be exploitable in reflected, stored or DOM-based types]
- Logout and other instances of low-severity Cross-Site Request Forgery
- Missing HTTP security headers
- Missing cookie flags on non-sensitive cookies
- Password and account recovery policies, such as reset link expiration or password complexity
- Invalid or missing SPF (Sender Policy Framework) records (Incomplete or missing SPF/DKIM)
- Vulnerabilities only affecting users of outdated or unpatched browsers and platforms
- SSL/TLS best practices
- Clickjacking/UI redressing with no practical security impact
- Software version disclosure
- Username / email enumeration via Login Page or Forgot Password Page error messages
Rewards range from $100 to $5,000 and will be evaluated extremely generously. The general terms are in line with the industry and can be found here. You will be paid anonymously in bitcoin.
So don’t wait — find out what vulnerabilities exist.