The bonus month has been closed
7/29/2022, 8:39:25 AM (2 months ago)

The bonus month for submissions for our mobile apps has been closed. 📱

Thanks to everyone who has participated!
We will keep you updated for future bonus months

Kind regards,
The Hoplr Security Team

July is a bonus month for our mobile apps! 🥳
6/30/2022, 9:04:43 AM (3 months ago)

Dear researchers,

We really appreciate the work you already did on our program, and we want to introduce an extra incentive to find some more vulnerabilities on our mobile apps. 📱
In July - actually, you can start right now! - we will hand out bonuses for the 3 best findings on our mobile apps.

Important details:

  • Timeframe: Today (30th of June) until the 28th of July
  • We, Hoplr, will choose the 3 best findings
    • 1st place: €250 💶💶💶
    • 2nd place: €150 💶💶
    • 3rd place: €100 💶
  • On the 29th of July, we will make our decision and update you if you receive a bonus reward

We will pick the findings that have the biggest impact on our business and our users.

As a reminder, here are the links to our apps:
iOS
Android

Make sure you only test in our test neighbourhoods (see main page) and don't do any bulk queries to make sure that other users are not impacted by the tests. We have rate limiters in place, but testing these is not part of the scope.

PS: We will organize this on a regular basis during the year, so keep an eye on our program!

Happy hunting!

Kind regards,
The Hoplr Security Team

.NET 6.0 migration and Hoplr websites/apps overview
3/1/2022, 8:17:22 AM (7 months ago)

Dear Hackers,

We have just migrated all our .NET websites to .NET 6.0. Feel free to take another look.

Summary of existing websites/apps:

The main focus is still our www.hoplr.com website, but we also have others we want to keep safe. Since you probably already found all our subdomains with Sublist3r (or any other subdomain enumerator), I thought it would be a good idea to give you some more information on those websites. You can find a short summary below.

Please make sure you don't do any request flooding on our websites. We have rate limiters in place (not everywhere), but a heavy load can lead to performance problems on our servers and we want to avoid that at all costs. And don't forget to always use your Intigriti email when you create a login.

Hoplr : this is the main one you all know. Instructions are on our Intigriti page.
Hoplr App: Not a website, but used by about 50% of our users.

Business landing : this is our public business landing page. Our customers are mostly governments.
Business dashboard : this is the private dashboard for our customers. It's a single page javascript website. You are not supposed to log in here! If you can, please let us know 🐱‍💻

Regrowth : this is our internal website. It's a single page javascript website. We use it for customer and user support. You are not supposed to log in here! If you can, please let us know 🐱‍💻
Regrowth Api : used by Regrowth to fetch and update data.

Hoplr API : this is our main API, and it is used by the Hoplr App, dashboard.hoplr.com and regrowth.hoplr.com

Bcq : The neighbourhood concierge is our latest addition to the Hoplr universe. This is a paid subscription to find affordable, reliable and local help. The website also contains an API and a management website for the concierges. You know the drill --> 🐱‍💻
Bcq App: Used by our subscribers. 🐱‍💻

Participation pages: These are public websites that are tailor-made for our customers. They all use the same code base but are configured differently; examples are https://loosduinen.hoplr.com/ and https://segbroek.hoplr.com/. Some of them have authentication, which means they are in test mode and should not be accessed by regular users yet.

Happy hunting!

Migration notice
3/25/2021, 9:25:30 AM (over 1 year ago)

Dear Hackers,

We migrated to .NET Core a month ago, and we invite you all to take another look.

Happy Hunting!