Limitation on XSS reports
9/1/2021, 7:42:54 AM (3 months ago)

Dear researchers,

We are working with our Devs to minimize the number of XSS, RXSS and PXSS on our web applications. Sadly we know there might exist some XSS and we are defining the best ways to correct them.

During this phase we won't accept reports regarding XSS on our applications. However, we are still interested in XSS attacks that are linked to a CVE or via outdated software (for example: CISCO VPN).

Thanks, and keep hunting!

Be aware of out of scope assets!
8/31/2021, 3:48:52 PM (3 months ago)

Dear researchers,

We've updated our out of scope assets, please avoid scanning these 3:

https://siemens.smc.sixt.com/
https://s004-px01.s004.smc.sixt.com/
https://s004-px02.s004.smc.sixt.com/

Thanks,
The Sixt security team

Please stop heavy scanning - automation limit of 5 requests/second
8/31/2021, 2:29:01 PM (3 months ago)

Dear researchers,

We're grateful to see so much activity on our program.

However, we are experiencing serious operational issues because of the heavy scanning on our systems.

Please stop heavy scanning activity, and if you do need to use automation, please adhere to the 5 requests/second rule.

In case of no improvement in the coming hours we may be forced to pause our program.

Thanks,
The Sixt security team