DrugHub Market Bug Bounty
Join our bug bounty program to secure the DrugHub Market darknet. Report vulnerabilities, earn Monero rewards, and help protect the DrugHub Market shop community.
Comprehensive Bug Bounty Program
Our bug bounty program invites security researchers to identify vulnerabilities in the DrugHub Market darknet platform, ensuring a safe trading environment. Rewards are paid in Monero (XMR) to maintain anonymity.
Eligible Vulnerabilities
We reward reports for the following vulnerabilities on DrugHub Market mirrors:
Vulnerability | Description | Severity |
---|---|---|
Cross-Site Scripting (XSS) | Injecting malicious scripts into web pages. | High |
SQL Injection | Manipulating database queries to access data. | Critical |
Authentication Bypass | Gaining unauthorized access to accounts. | Critical |
Data Exposure | Unprotected access to sensitive user data. | Critical |
CSRF | Forcing users to perform unintended actions. | Medium |
Out-of-scope issues include social engineering, DDoS attacks, and physical attacks.
Reward Structure
Rewards are based on vulnerability severity, paid in Monero:
Severity | Reward (XMR) | Example |
---|---|---|
Critical | Up to 10 XMR | Account takeover, data breach |
High | Up to 5 XMR | SQL injection, stored XSS |
Medium | Up to 2 XMR | CSRF, session fixation |
Low | Up to 0.5 XMR | Missing headers, minor leaks |
Contact us via Jabber to finalize reward payments.
Submission Guidelines
To submit a vulnerability:
- Test on a verified DrugHub Market mirror from Market Links.
- Provide a detailed report with:
  - Steps to reproduce the issue.
  - Impact assessment (e.g., data exposure risk).
  - Screenshots or proof-of-concept code.
- Encrypt your report using our PGP key from Market PGP Keys.
- Send the report to [email protected] via Jabber.
- Expect a response within 7 days; critical issues are prioritized.

Program Rules
Participants must adhere to these rules:
- Limit testing to proof-of-concept; do not exploit vulnerabilities.
- Do not disclose vulnerabilities publicly until we patch them.
- Respect user privacy; avoid accessing sensitive data.
- Follow our Market Rules.
- Do not perform tests that disrupt platform availability (e.g., DDoS).
Violations may disqualify you from rewards and lead to bans.
Case Studies
Examples of successful bug bounty submissions:
- XSS in Vendor Profile: A researcher found a stored XSS flaw, earning 5 XMR after a swift patch.
- SQL Injection in Search: A critical flaw was reported, rewarded with 10 XMR for preventing data exposure.
- CSRF in Checkout: A medium-severity issue was fixed, with the researcher receiving 2 XMR.
FAQs About Bug Bounty
Can I test on production systems?
Yes, but only with proof-of-concept testing on verified mirrors.
How long does it take to receive a reward?
Rewards are processed within 14 days after verification.
Are duplicate reports rewarded?
No, only the first valid report for a unique issue is rewarded.
Contribute to Our Security
Your expertise strengthens the DrugHub Market shop. Access a verified DrugHub Market link and start contributing today.