Description

Delen Private Bank is a family-based specialist in asset management, focused on wealth preservation, growth and careful planning. Our core values - entrepreneurship, personal service and long-term vision – inspire us to apply a proactive yet prudent investment philosophy. Honest, no-nonsense products and services help our clients to enjoy the good and beautiful things in life – both today and tomorrow.

Bounties

Severity      Score range   Tier 2
Low           0.1 - 3.9     100
Medium        4.0 - 6.9     250
High          7.0 - 8.9     2,500
Critical      9.0 - 9.4     8,000
Exceptional   9.5 - 10.0    15,000

Tier 2: €100 - €15,000

Rules of engagement
Not applicable
Not applicable
max. 5 requests /sec
Not applicable

Guidelines

  • Provide detailed but to-the-point reproduction steps
  • Include a clear attack scenario; a step-by-step guide in the PoC is highly appreciated
  • Remember: quality over quantity!

Domains
URL
URL
URL
Android
URL
URL
URL
URL
URL

🇫🇷🇳🇱

🇬🇧🇫🇷🇳🇱

URL

🇬🇧🇫🇷🇳🇱

Severity assessment

It will be the responsibility of Intigriti to pay ethical hackers in a timely and legal way. Payouts will only take place after agreement with Delen Private Bank on the criticality of the impact and only if the submission was the first of its kind and agreed to be valid.

Exceptional

  • Access to sensitive client data
  • Full database access

Critical

  • Remote Code Execution
  • Access to sensitive user/employee data
  • SQLi
  • Full privileged access to an important asset of the infrastructure
  • Ability to make transactions/orders

High

  • Stored XSS
  • Access to a random customer's data

Medium

Vulnerabilities that affect multiple users, and require little or no user interaction to trigger:

  • XSS (single click)

Low

  • Debug stack trace
  • XSS with complicated scenarios
  • Open redirects with possible security impact

FAQ

Test accounts

Test accounts are not given at this moment. All testing should assume black-box testing. Of course, if you find credentials in other places that might give you more access to our systems, we'd love to hear about it!
