Description

Torfs - the well-known shoe retailer in Belgium - is still a 100% family business today. This family character guarantees a number of important values within the company where employees are central. A head office in Sint-Niklaas and a spectacular distribution center in Temse offer support to the points of sale and customers of the E-Commerce website. With more than 80 stores in Flanders, 2 shops in the French part of Belgium and a growing online shop in Belgium, The Netherlands and several marketplaces, Torfs wants to be and remain the most customer-friendly optichannel shoe store chain.

Bounties
Severity      Low         Medium      High        Critical    Exceptional
Score         0.1 - 3.9   4.0 - 6.9   7.0 - 8.9   9.0 - 9.4   9.5 - 10.0
Tier 2        €100        €500        €1,500      €4,000      €6,500
Tier 3        €25         €150        €750        €1,250      €1,500

Rules of engagement
Required
Not applicable
max. 1 request /sec
Not applicable

Guidelines

  • Remember: quality over quantity!
  • Provide detailed but to-the-point reproduction steps
  • Include a clear attack scenario; a step-by-step guide in the PoC is highly appreciated
  • Please do NOT discuss bugs before they are fixed
Domains

Severity assessment

All our rewards are impact-based, so we kindly ask you to carefully evaluate a vulnerability's impact when picking a severity rating. To give you an idea of what kind of bugs belong in each severity rating, we've put some examples below. Note that, depending on the impact, a bug can sometimes be given a higher or lower severity rating.

Exceptional

  • Remote Code Execution
  • SQLi

Critical

  • Read-only access to all sensitive PII data (personal details,…)

High

  • Stored XSS without user interaction
  • Authentication bypass on critical infrastructure

Medium

  • XSS that requires user interaction
  • Misuse of vouchers

Low

  • CSRF
  • Open redirect
FAQ

Can I create a test account?

Yes, and you are encouraged to do so! Please use your @intigriti.me email address for the account creation. More info can be found here: https://kb.intigriti.com/en/articles/2642598-intigriti-me-email-alias

Are there specific rules to follow for test account creation?

Yes. Only use your @intigriti.me email address for the account creation.
