Program Status: Active since June 2025
We launched the Bug Bounty program to enhance the security of our application. If you discover vulnerabilities in our software, we will provide you with a free license as a token of appreciation.
Entry | Description |
---|---|
Includes | apps
Web application: All client and server application features |
Includes | api
API: All public API endpoints |
Includes | dns
Infrastructure: Web server, database, configuration |
Includes | web
|
Includes | terminal
|
Includes | desktop_windows
|
Includes | terminal
|
Exception | block
DoS/DDoS attacks |
Exception | person_remove
Social engineering |
Exception | location_off
Physical attacks |
Exception | report
Spam and phishing |
Exception | warning
Disruption of third-party users |
Severity Level | Description | License Type | Duration |
---|---|---|---|
Critical | RCE, SQL Injection, Authentication Bypass, access to all user data | Paid | 12 months |
High | XSS, CSRF, privilege escalation, confidential data leakage | Paid | 6 months |
Medium | Information Disclosure, IDOR, insecure configuration | Paid | 3 months |
Low | Informational vulnerabilities, security UI/UX issues | Paid | 1 month |
Note: The specific license type is determined based on the vulnerability's impact on system security.
cake
Age 18 or older |
security
Responsible disclosure |
gavel
Compliance with your country's laws |
shield
No harm to service or user data |
looks_one
Discover vulnerability within program scope |
looks_two
Prepare detailed report with reproduction steps |
looks_3
Send report to developer's Telegram private message |
looks_4
Receive acknowledgment (within 48 hours) |
looks_5
Wait for analysis results (up to 30 days) |
looks_6
Receive license after vulnerability confirmation |
subject
Subject: [Bug Bounty] Brief vulnerability description |
description
Description: Detailed description of the vulnerability found |
refresh
Reproduction: Step-by-step instructions |
warning
Impact: Potential damage from exploitation |
photo_camera
Evidence: Screenshots, videos, or other materials |
lightbulb
Recommendations: Suggestions for remediation (optional) |
fiber_new
New vulnerabilities |
replay
Reproducible bugs |
priority_high
Critical security issues |
article
Detailed reports |
content_copy
Duplicate reports |
info
Already known vulnerabilities |
psychology
Theoretical attacks |
smart_toy
Automated scanner results |
https
SSL/TLS configuration issues |
Disclaimer: We reserve the right to modify the Bug Bounty program terms at any time. Final decision on vulnerability severity and license type is made by our security team.
Telegram for reports: OpenTgResearcher
Response time: 48 hours
Analysis time: up to 30 days
Privacy: All reports are handled confidentially. We do not disclose vulnerability information until they are fixed.
Here will be listed the names of researchers who contributed to OpenTgResearcher security
The hall of fame is empty so far. Be the first!
Explore our application responsibly and help us make it more secure!
OpenTgResearcher
Copyright Ⓒ 2022 - 2025