Help protect 1e+8 sport fans worldwide
Find vulnerabilities, earn rewards and become a Hall of Famer
Critical
Serious weakness, can allow unauthorized access or execution of malicious code
15 points and up to
$2,000
High
Significant weakness, may require more effort or conditions to exploit
10 points and up to
$1,000
Moderate
Has the potential to compromise the system, may not pose an immediate threat
7 points and up to
$500
Low
Minor security weakness that poses little or no threat
5 points and up to
$200
Non exploitable
While present, cannot be exploited to compromise the system
3 points and up to
$0
Critical
Serious weakness, can allow unauthorized access or execution of malicious code
15 points and up to
$2,000
High
Significant weakness, may require more effort or conditions to exploit
10 points and up to
$1,000
Moderate
Has the potential to compromise the system, may not pose an immediate threat
7 points and up to
$500
Low
Minor security weakness that poses little or no threat
5 points and up to
$200
Non exploitable
While present, cannot be exploited to compromise the system
3 points and up to
$0
* Livesport employees and their immediate family members do not receive reward but may donate it via Donio
The rules
Playground
Livesport, known globally under brands such as Flashscore, Diretta and others, provides live scores, news and statistics from sports events to houndreds of millions of fans worldwide. Your assistance in keeping our software and infrastructure secure helps deliver the most enjoyable experience to our users.
Go for
Our global website Flashscore.com as well as local websites such as Livesport.cz, Diretta.it, Eredmenyek.com and others
Our specialized projects, such as Soccerstand.com
Our 24 Sport network – Soccer24.com, Tennis24.com and others
Our Android, iOS, Android Plus, Huawei, and KaiOS apps
Do not do
Reports that do not include proof-of-concept exploitation of vulnerabilities and the ability to access sensitive user, third party or Livesport group data
Attacks requiring physical access to a user's device
Any physical attacks on Livesport's datacenter infrastructure or assets
Attacks on employees or contractors using social engineering techniques
Reporting of non-existent links on our websites that point to Livesport Group domains
Attacks that may cause a Denial of Service (DoS) on Livesport Group websites and applications at the application or network layer
Creating duplicate user accounts or accounts without verifying the actual ownership of the email address
Any form of "non-authenticated" clickjacking or tapjacking
Any security reports from automated tools
Any reports of insufficiently secure SSL/TLS ciphers without functional proof-of-concept abuse- against production infrastructure
Hall of fame
1.
You
4 PTS
2.
Can
3 PTS
3.
Be
2 PTS
4.
Here
1 PTS
Submit a bug
Our bones don't break, mine do. That's clear. Your cells react to bacteria and viruses differently than mine. You don't get sick, I do. That's also clear. But for some reason, you and I react the exact same way to water.
submit a bug in the form below
leave us some time for internal review
we indentify and fix the bug
notification annoucement, $$$
Thank you for caring
Join us