//
Detail Updates Leaderboard
Description

The Antwerp-Bruges Port Authority has a key role in the port's day-to-day operation. The Port Authority manages and maintains the docks, the bridges, the locks, the quay walls and the land. The personnel is also responsible for safe shipping traffic in the docks, the bridges and locks. In addition, the Port Authority provides tugs and cranes, carries out dredging work and promotes the port at home and abroad.

Bounties
Low
0.1 - 3.9
Medium
4.0 - 6.9
High
7.0 - 8.9
Critical
9.0 - 9.4
Exceptional
9.5 - 10.0
Tier 2
100
500
1,500
3,500
4,500
Tier 2
€100 - €4,500
Tier 3
50
350
1,000
2,500
3,500
Tier 3
€50 - €3,500
Rules of engagement
Required
Not applicable
max. 5 requests /sec
Not applicable

Our promise to you

  • We are happy to respond to any questions, please use the button in the right top corner for this.
  • We respect the safe harbour clause that you can find below

Your promise to us

  • Provide detailed but to-the point reproduction steps
  • Include a clear attack scenario. How will this affect us exactly?
  • Remember: quality over quantity!
  • Please do not discuss or post vulnerabilities without our consent (including PoC's on YouTube and Vimeo)
Domains
tier
type

*.c-point.be

Tier 2
Wildcard

188.118.8.0/25

Tier 2
IP Range

94.107.237.192/26

Tier 2
IP Range
api-accpt.portofantwerp.com
Tier 2
URL
api-accpt.portofantwerpbruges.com
Tier 2
URL
api.portofantwerp.com
Tier 2
URL
api.portofantwerpbruges.com
Tier 2
URL
apps-accpt.portofantwerp.com
Tier 2
URL
apps-accpt.portofantwerpbruges.com
Tier 2
URL
apps.portofantwerp.com
Tier 2
URL
apps.portofantwerpbruges.com
Tier 2
URL
as2-accpt.portofantwerp.com
Tier 2
URL
as2-accpt.portofantwerpbruges.com
Tier 2
URL
as2.portofantwerp.com
Tier 2
URL
as2.portofantwerpbruges.com
Tier 2
URL
digitalspecs.portofantwerpbruges.com
Tier 2
URL
login-accpt.portofantwerpbruges.com
Tier 2
URL

NEW login page

login-test.portofantwerpbruges.com/poam/XUI/
Tier 2
URL

NEW login page

login.portofantwerpbruges.com
URL

New login page

Severity assessment

All our rewards are impact based, therefore we kindly ask you to carefully evaluate a vulnerability's impact when picking a severity rating. To give you an idea of what kind of bugs belong in a certain severity rating we've put some examples below. Note that depending on the impact a bug can sometimes be given a higher/lower severity rating.

Exceptional

  • RCE (Remote Code Execution)

Critical

  • SQL injection
  • Authentication bypass on critical infrastructure
  • Privilege escalation

High

  • Access to all customer personal data
  • Stored XSS without user interaction

Medium

  • XSS
  • CSRF with a significant impact

Low

  • XSS that requires lots of user interaction ( > 3 steps)
  • CSRF with a very limited impact

Port of Antwerp-Bruges is following intigriti's standard view on severity assessment and impact analysis. More information can be found on:
https://kb.intigriti.com/en/articles/5041991-intigriti-s-contextual-cvss-standard

FAQ

Where can we get credentials for the app?

We currently don’t offer any credentials to test user roles.

All aboard!
Please log in or sign up on the platform

For obvious reasons we can only allow submissions or applications for our program with a valid Intigriti account.

It will only take 2 minutes to create a new one or even less to log in with an existing account, so don't hesitate and let's get started. We would be thrilled to have you as part of our community.