As recently one of the biggest file hosting site have relaunched after the shut down of "Mega Upload" named as "MEGA". They have came back with the great new feature and also with the Cloud storage facility. As it was launched in 19 January of this year, they have brought the great news for the researcher and bugs hunter.
Mega have introduced with the new bugs bounty programs on their site. They are inviting the security researcher for finding the bugs on their hosting site.. Mega is going to pay a reward for each bugs reported to them. To improve the design flaws and the security of the site they have started a bugs bounty programs.
Types of the Bugs
- Mega's is giving the rewards on the following types of Bugs that they found.
- Remote Code Execution (with SQLi)
- Remote Code Execution (with XSS)
- Any issues that breaks the security of the site and allow the attacker to gain unauthorized access or manipulating the keys or data.
- Any flaws found on the system that allows the unauthorized overwriting or destruction of the data.
- Any issue that can make the loss, harm, or failure associating with the compromise of the email address of the users..
They will not accepts the bugs that need
- Phishing or social engineering attacks.
- Venerability in third party operated service.
- Bugs which are not related to the integrity availability and confidentiality of user data.
There are more scenario where bugs didn't accept. Read here..
Mega is giving Eur 10,000 for the each bugs. Reward may increase depending upon the impact of the vulnerability.
They are giving the reward to those who first finds the bug. Buys that are reported by the third party are not included in the bounty programs and hence will not reward.
After finding the bugs you can send them under the following mail address [email protected]