Mamba Bug Bounty Program

Mamba invites you to participate in the program Wamba Bug Bounty, whose goal is to search for possible vulnerabilities of our service. We pay a reward for every vulnerability discovered, the existence of which was confirmed by our specialists. By now we have paid more than $35000.

Fill in description
The field is emply
The field is emply
Incorrect email
We will confirm receipt of your message.

Reward amount

We devide our services to critical and other services.
Critical services include user authorization, the user's personal data storage system, and payment systems.

Critical Services:
  • Injections of the program code and SQL statements - $3000.;
  • Crossite Scripting (XSS) - $300.;
  • Cross-site forgery of requests (CSRF) - $300.;
  • Vulnerabilities in session management - $150.;
Other services:
  • Injections of the program code and SQL statements - $1000.;
  • Crossite Scripting (XSS) - $150.;
  • Cross-site forgery of requests (CSRF) - $150.;
  • Vulnerabilities in session management - $100.;
In special cases, the amount of payment for the vulnerability found can be increased.
Payment to the residents of the RF is processed via WebMoney or Paypal.
Please mind that a reward is only paid to the person who was the first to report the problem.

The principles of responsible disclosing

We are expecting following the principles of responsible disclosing from the people who have taken up searching vulnerabilities on Wamba service.
That means that a person who found a vulnerability and reported it via the form must not disclose the information about the vulnerability to third parties until it is fixed.
A participant of vulnerability search program can not disclose in any way the information to which he/she got access as a result of the researches. We refer here users' personal details and other details which can interfere with the work of Wamba service.