We are happy to announce our VDP on Intigriti!
We will also start a Private program in the near future and you will have the chance to be invited to that. To be eligible for an invite, you need to find a valid medium or higher vulnerability an in scope asset.
We've done our best to clean most of our known issues and now would like to request your help to spot the ones we missed!
We are specifically looking for:
- leaking of personal data.
- horizontal / vertical privilege escalation.
- modification of content on the corporate website.
- access to management systems hosted on *.sixt.com or servers that hosts corporate resources.
1. Shared codebase disclaimer
Our websites share the same codebase accross countries so they can contain common issues. If a specific issue has already been found in another country website it will be treated as a duplicate. Focus on the country domains listed In Scope.
2. Quality requirements
Please make sure your report follows our quality standards as mentioned in the FAQ section
In case reports are not written according to the standards, they may not be eligible for a Swag or Reward.
3. Remember: Quality over Quantity
Swag and Rewards
All researchers who submit a valid Medium or higher submission, will also receive an invitation to the private BB program which we'll be launching soon!
We are giving vouchers to the Intigriti swag store as rewards. Please find an overview per severity below!
- Medium: 25€ swag voucher or cash of 25€
- High: 50€ swag voucher or cash of 50€
- Critical: Car rental voucher for a week-end OR 100€ swag voucher or cash 100€
- Exceptional: Car rental voucher for a week OR 150€ swag voucher or cash 150€
See Rules of engagament for the conditions under which a car rental voucher is possible
We are adding the log4j vulnerability into our scope. We will be awarding a 1k bonus on these vulnerabilities.
We’re curious to see what you’ll find!
If you have additional questions about our program feel free to contact us through Intigriti's support.
Lastly, if you believe a vulnerability has impact, we want to know about it! Remember to provide a clear impact indication.