🐞 Bug Bounty Program | Nymph.Club

We are launching a Bug Bounty program for security researchers, ethical hackers, and enthusiasts who want to help us make Nymph.Club more secure.

💡 About the Project: Nymph.Club is a fast-growing adult startup working with innovative digital formats. We prioritize user security and strive to maintain high data protection standards.

🎯 What Are We Looking For?

We are interested in identifying vulnerabilities that could affect: ✅ User data compromise. ✅ Authentication and authorization bypass. ✅ Leaks of confidential information. ✅ SQL injection, XSS, CSRF, RCE, SSRF, IDOR, and other critical vulnerabilities. ✅ API security flaws and business logic vulnerabilities.

❌ Out of Scope

🚫 DDoS and spam testing. 🚫 Phishing and social engineering. 🚫 Vulnerabilities requiring physical device access. 🚫 Issues without real security impact.

💰 Rewards • Critical vulnerabilities (data leaks, full system compromise) — from $1000 • High-risk vulnerabilities (auth bypass, RCE, SQL injection) — from $500 • Medium-risk vulnerabilities (XSS, CSRF, IDOR, access to sensitive data) — from $200 • Low-risk vulnerabilities (minor bugs, misconfigurations) — from $50

Reward amounts depend on the impact and potential consequences of the vulnerability.

📩 How to Report a Bug?

1. Prepare a detailed vulnerability report, including reproduction steps.
2. If possible, provide a demo video or PoC (Proof of Concept).
3. Send your report to [email protected] with the subject [Bug Bounty] Vulnerability Description.

We respond to reports within 7 business days.

📜 Program Rules

✅ Only submit new vulnerabilities (no duplicates). ✅ Do not disclose the issue before it is fixed. ✅ Only test your own accounts (do not target other users).

🔐 Help us make Nymph.Club safer! 💙 For any questions, contact [email protected].