Bug Bounty Program

Thank you for your interest in contributing to the security of our platform. Our Bug Bounty Program is designed to reward security researchers who responsibly identify vulnerabilities that could impact the confidentiality, integrity, or availability of our systems. The following sections outline the scope, reporting guidelines, and severity classifications.

Rewards and Inquiries

If you wish to know the exact reward associated with a submission or require additional details, please contact: bugbounty@winnerodds.com

Program Scope

We accept submissions for vulnerabilities that affect the security of:

  • Core web applications and APIs
  • Authentication and user management systems
  • Public-facing services and infrastructure

This list is not exhaustive; any finding that may meaningfully impact security will be considered.

Out of Scope

The following will not be considered valid submissions:

  • Social engineering attacks of any kind
  • Denial-of-service attempts that impact real service availability
  • Vulnerabilities affecting third-party services outside our control
  • Excessive automated scanning or brute-force testing
  • Reports without reproducible steps or lacking a clear proof of concept

Severity Levels and Criteria

Vulnerabilities are categorized based on their potential impact.

 
Critical Severity Examples include:
  • Vulnerabilities allowing server-level control
  • Vulnerabilities enabling Distributed Denial of Service (DDoS) attacks
  • Vulnerabilities allowing Remote Code Execution (RCE)
 
High Severity Examples include:
  • SQL Injection without remote code execution capability
  • Unauthorized account access without the ability to modify user data
  • XSS vulnerabilities with high-impact exploitation
  • Exposure or leakage of critical or highly sensitive data
 
Medium Severity Examples include:
  • Exposure or leakage of non-critical data
  • CSRF attacks with limited impact
 
Low Severity Examples include:
  • Clickjacking
  • Low-impact vulnerabilities with minimal likelihood of exploitation
 
 

Submission Guidelines

To ensure efficient review, please include:
  • A clear and concise description of the vulnerability
  • Detailed reproduction steps
  • The estimated impact
  • Proof of concept (screenshots, scripts, or video)

All submissions must be sent to: bugbounty@winnerodds.com
 
 

Responsible Disclosure Policy

We do not tolerate any form of extortion, coercion, or threats. Attempts to pressure our team for higher rewards, accelerated responses, or any other form of leverage will result in immediate disqualification from the program and may lead to further action.
 
We value responsible security research and ask that you:
  • Refrain from publicly disclosing any vulnerability until it has been resolved
  • Avoid accessing, modifying, or downloading more data than strictly necessary to demonstrate the issue
 

Suggestions and Feedback

If you would like to propose improvements to this policy or the overall program, we welcome your feedback.
 
 
Please contact us at bugbounty@winnerodds.com