New bonus Unlocked: Yahoo Finance
12/8/2023, 3:48:32 PM (3 months ago)

Hey there, fellow hackers!

We've got some exciting news to share with you. Yahoo Finance has just rolled out a new design and many cool features. They've focused on making it simple and functional so you can get the information you need quickly and easily. Check it out and let us know what you think!

We're offering a special bonus for all valid reports you submit to celebrate this milestone.
You'll earn a 50% bonus on valid reports related to Yahoo Finance assets from now until the end of the year. And if you submit a valid report on other assets, you'll earn a 10% bonus!

We're always looking for ways to improve our program and make it more effective, so if you have any feedback or suggestions, please don't hesitate to let us know. We're committed to working with you to create a safer digital world for everyone.

Happy hacking!
The Yahoo Bug Bounty Team

CTF Players ASSEMBLE!!!!
9/28/2023, 9:34:36 PM (5 months ago)

If you are a CTF player or know someone who enjoys CTFs and plans to participate in GlacierCTF 2023, this is big news!!
You can become eligible to win upto $15,000. Wondering how?

  1. Submit a valid vulnerability to Yahoo's program on Intigriti between now and November 23, 2023
  2. Make sure to include your team name in the report
  3. Once accepted, you immediately qualify for the CTF Bonus
  4. If you win the CTF and are eligible, we'll pay the bonus to the report

More details here

Happy hunting!!

Cheers,
The Yahoo Bug Bounty Team

Help us find these!!
6/16/2023, 6:07:49 PM (9 months ago)

Hey hackers!

Thanks for sharing some candid feedback to our initial survey. We agree Yahoo's scope is vast and its not easy to pick a product to focus your research on. So to help you choose an area to focus on, we have these special promotions focusing on whats important to us.

  1. First 3 valid reports of XSS (all types) on any of the following properties, will receive 200% bonus (Yahoo Mail, Yahoo Calendar, Yahoo Search)
  2. First 3 valid reports of IDOR on any TW property in scope, will receive 100% bonus
  3. First valid report of SSRF (Full content, semi-blind) on any *.yahoo.com or *.aol.com domains in scope, will receive 100% bonus

Happy hunting!!

Cheers,
The Yahoo Bug Bounty Team

Notes:

  1. These bonuses cannot be combined with the other bonus (25% bonus for medium or higher severity reports), which is still active.
  2. Bonus does not apply to out of scope products and domains
Welcome!!
5/25/2023, 9:04:13 PM (9 months ago)

Hey awesome hackers!

The Yahoo Bug Bounty team wants to let you know how much we appreciate you participating in this private version of our Bug Bounty program! To show that appreciation, for all medium or higher severity reports you will receive a 25% bonus on top of the regular bounty! This bonus comes from a bounty pool of 50K so resources are limited, and it only lasts through the private program. First reported, first served!

As this is a private program, we also ask that you please avoid sharing the program or your participation on social media and other public platforms for now. Maintaining the element of surprise is crucial until we are ready to launch this program publicly on Intigriti!

If you have any questions or need assistance, don't hesitate to contact our Bug Bounty Program team through Intigriti's “Ask scope question” feature. We're here to help!

Once again, thanks a million for being part of our Bug Bounty Program. We're thrilled to have you on board and can't wait to see what incredible vulnerabilities you uncover!

Cheers,
The Yahoo Bug Bounty team