Description
«Republik» is a digital magazine for politics, business, society and culture. It is a service for interested people in a complex world. We research, ask questions, classify and uncover. And provide you with facts and contexts as a basis for your own reflections and decisions.
«Republik» is financed by its more than 28,000 subscribers. We are owned by no one - but a little bit by each of our members. Together we are a rebellion against the media corporations and for media diversity.
«Republik» is completely free of advertising. We disclose everything: our finances, working methods, mistakes, salaries - because we are convinced that transparency is important. Our code base is open source; the targets listed below point to the relevant repositories.
Rules
Scope
The following services and applications may be tested. All other targets and third-party services not listed here are not in scope. In particular, Metabase, Matomo, Stripe, PayPal, PostFinance, Mailchimp, Mandrill and other third-party software are not in scope. Unless listed otherwise, source code can be found at https://github.com/republik/plattform.
- republik.ch
Main Website
- publikator.republik.ch
CMS
- admin.republik.ch
Admin-Tool
- assets.republik.ch
Assets-Server
- api.republik.ch
API / Backend
- Android app.republik
Source code: https://github.com/orbiting/app
- iOS ch.republik
Source code: https://github.com/orbiting/app
Procedure
- Request access to this private bug bounty program
- Start looking for vulnerabilities, respecting the definitions in this program (scope, rules, ...).
- Report found vulnerabilities and support the platform and the customer in verifying them.
- Get paid for confirmed, new vulnerabilities.
Legal
The organisation gives their approval for Friendly Hackers to use hacking methods based on the specified bug bounty program. Due to this consent, the criminal liability criterion of unauthorized use and thus the criminal liability of the Friendly Hackers with regard to the elements of crime in Art. 143 StGB (unauthorized data acquisition) and Art. 143bis StGB (unauthorized intrusion into a data processing system) does not apply.
Reward tiers
Severity | Reward |
---|---|
Critical | CHF 2000-3000 |
High | CHF 1000-2000 |
Medium | CHF 500-1000 |
Low | CHF 200-500 |