ALL subdomains in scope
6/10/2024, 12:24:39 PM (6 months ago)

Hi researchers,

we are excited to announce that we've expanded the scope of our bug bounty program to include all subdomains of our main domains! This bold step reflects our commitment to security and transparency.
Especially our Tier 1 domains, with their numerous subdomains and diverse content, are now open for you to explore and secure. Your expertise is crucial in protecting our brands.

Thank you for your continued support.

Happy Bug Hunting!

New cooperation under https://marktplatz.bild.de/
4/2/2024, 12:26:41 PM (8 months ago)

Hi researchers,

today we launched a new cooperation under https://marktplatz.bild.de/
To find new security vulnerabilities maybe this would be a good starting point ;-)

Thank you for your continued support.
Happy Bug Hunting

Update on https://www.computerbild.de
2/29/2024, 12:14:59 PM (9 months ago)

Hi researchers,

today we launched a new cooperation under https://www.computerbild.de/browsergames/.
To find new security vulnerabilities maybe this would be a good starting point ;-)

Thank you for your continued support.
Happy Bug Hunting

Start 2024 with an additional competition bonus
11/27/2023, 5:27:40 PM (12 months ago)
12/8/2023, 2:41:23 PM

Hi researchers,

to reward your valuable contribution we would like to launch a small competition for last month of 2023.
We will award an additional bonus for researchers ranked 1-3 based on the leadersboard for the month of December 2023 as follows:
Rank1: 5.000€
Rank2: 2.500€
Rank3: 1.000€

Hope you enjoy this competition.
Happy Bug Hunting and a wonderful Christmas season.

Big rollout ps-checkout-next-web and new AI service in scope
10/5/2023, 5:53:39 AM (about 1 year ago)

Hello researchers,

we are happy to announce a new rollout of one of our most important services. The new ps-checkout-next-web service provides the complete frontend of the Bild and Welt checkout flow to purchase subscriptions.
The checkout itself comes from the Plenigo iframe which is embedded on this page. All services concerned run under the following subdomains:

  • *.ps.bild.de
  • *.ps.welt.de
  • *.ps.axelspringer.de

Also a new service is offered under https://hey.bild.de. This is a service to interact with an customized LLM.
Please have a look if you can find any vulnerability described in the OWASP Top 10 for LLM applications

Thank you for your continued support.
Happy Bug Hunting

Customized Payouts for Critical and Exceptional Issues
8/22/2023, 9:01:01 AM (over 1 year ago)

Hello researchers,

with your support as part of our Bug Bounty program, we feel encouraged to now make our Bug Bounty program public.
As part of this, we have also decided to slightly increase the payouts for the critical and exceptional issues.
We are very happy that the researcher community has made this possible.

Thank you for your continued support.
Happy Bug Hunting

edition.welt.de is out of scope now
6/23/2023, 10:07:56 AM (over 1 year ago)

Hello researchers,

thanks to your valuable contributions, we have decided to close the edition.welt.de subdomain due to the many vulnerabilities and outdated technologies used.
Edition.welt.de is therefore out of scope forever.

Happy Bug Hunting

Scope Adjustment and new Release
5/16/2023, 12:09:22 PM (over 1 year ago)

Hi researchers,

thank you very much for your valuable contribution so far. As you have pointed out some weaknesses that need to be improved, we have slightly adjusted our scope and added the section "Temporary out of scope". So please keep this in mind.
Today we also published a renewal of our website sportbild.de or sportbild.bild.de.

Happy Bug Hunting

More subdomains in scope now.
2/28/2023, 1:07:06 PM (over 1 year ago)

In addition to the domains listed, we provide now a full list of in-scope sub-domains in the attachment. See section in-scope in the program details.