Reward updates
3/16/2023, 2:17:32 PM (about 1 year ago)

For our VDP/Public program we are giving vouchers to the Intigriti swag store and cash equivalent as rewards.

Please find an overview per severity below!

Medium: 25€ swag voucher or cash of 25€
High: 50€ swag voucher or cash of 50€
Critical: Car rental voucher for a weekend OR 100€ swag voucher or cash of 100€
Exceptional: Car rental voucher for a week OR 150€ swag voucher or cash of 150€

1 step for the first 100 valid submissions!
1/26/2022, 8:40:35 AM (about 2 years ago)

Hi Researchers!

We've received a lot of reports over the last months; we are only one away from the first 100 accepted submissions!

So, for the one who reports the 100th unique, new and valid submission we are offering an extra bonus of 100€ on top of the rewards for the finding!

We are looking forward to your findings!

The Sixt Security Team

log4j zeroday bonus
12/13/2021, 3:01:26 PM (over 2 years ago)
12/13/2021, 3:02:09 PM

Dear researchers,

As we are working to close the gaps where needed on log4j, we are asking for your help.

We are bringing this zeroday into our scope, starting today, and will be rewarding a 1k payout on these reports, if deemed valid and unique of course.

We are curious to see what you can find!

Thanks,
The Sixt security team.

Limitation on XSS reports
9/1/2021, 7:42:54 AM (over 2 years ago)

Dear researchers,

We are working with our Devs to minimize the number of XSS, RXSS and PXSS on our web applications. Sadly, we know there might exist some XSS and we are defining the best ways to correct them.

During this phase we won't accept reports regarding XSS on our applications. However, we are still interested in XSS attacks that are linked to a CVE or via outdated software (for example: CISCO VPN).

Thanks, and keep hunting!

Be aware of out of scope assets!
8/31/2021, 3:48:52 PM (over 2 years ago)

Dear researchers,

We've updated our out-of-scope assets; please avoid scanning these 3:

https://siemens.smc.sixt.com/
https://s004-px01.s004.smc.sixt.com/
https://s004-px02.s004.smc.sixt.com/

Thanks,
The Sixt security team

Please stop heavy scanning - automation limit of 5 requests/second
8/31/2021, 2:29:01 PM (over 2 years ago)

Dear researchers,

We're grateful to see so much activity on our program.

However, we are experiencing serious operational issues because of the heavy scanning on our systems.

Please stop heavy scanning activity, and if you do need to use automation, please adhere to the 5 requests/second rule.

In case of no improvement in the coming hours we may be forced to pause our program.

Thanks,
The Sixt security team