Vulnerability Disclosure Program Active

Security Researchers welcome here.

We value the work of security researchers in keeping our gaming marketplace safe. Find vulnerabilities, report them responsibly, and earn competitive bounties.

24h Response Time
Safe Harbor Guaranteed
$150+ Paid in 2026

Bounty Tiers

Critical Severity $500+

RCE, SQLi, Payment Bypass, or unauthorized access to sensitive financial data.

High Severity $100 - $500

Stored XSS, Broken Authentication, IDOR involving sensitive data exposure.

Medium Severity $50 - $100

CSRF, Reflected XSS, Server-side misconfigurations, sensitive info disclosure.

Low Severity $20 - $50

Subdomain takeovers with no impact, mixed content, or descriptive error messages.

Program Scope

Asset | Eligibility
v1.buypin.uz (Main platform & checkout flow) | IN SCOPE
admin.buypin.uz (Core REST API & Admin Panel) | IN SCOPE
buypin.net (Global platform) | IN SCOPE
*.buypin.uz, *.buypin.net (Any other subdomain) | OUT OF SCOPE

Recent Contributors

Amber Dyer

Bot token compromise

Smr.bot

CVE RCE Livewire vulnerability researcher

wierner

Sensitive Route exploiting

Elmas Dumas

Payment duplication bug

Report Incident

Report vulnerabilities and security incidents via Telegram for faster response.

Note

Include detailed reproduction steps and impact analysis in your message for faster triage.