The biggest online portals in the field of tourism in Vietnam.


Managed by WhiteHub

Points - 20,000,000 VND

Program rules


We require that all researchers:

  • Do not access customer or employee personal information, pre-release Vntrip content, or Vntrip confidential information. If you accidentally access any of these, please stop testing and submit the vulnerability.
  • Do not degrade the Vntrip user experience, disrupt production systems, or destroy data during security testing.
  • Use the WhiteHub report submission form to report vulnerability information to us.
  • Collect only the information necessary to demonstrate the vulnerability.
  • Submit any necessary screenshots, screen captures, network requests, reproduction steps or similar using the WhiteHub submission form (you can use third party file sharing sites but you have to make sure they are not disclosed to anyone other than us).
  • When investigating a vulnerability, please only target your own account and do not attempt to access data from anyone else’s account.
  • All reports must be written in English.
  • Use email while making orders.

Qualifying vulnerabilities

Any design or implementation issue that substantially affects the confidentiality or integrity of user data is likely to be in scope for the program. Common examples include:

  • Cross Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • SQL Injection (SQLi)
  • Authentication related issues
  • Authorization related issues
  • Data Exposure
  • Remote Code Execution
  • Business Logic
  • Mobile-specific API vulnerabilities

Non-qualifying vulnerabilities

Depending on their impact, some of the reported issues may not qualify. Although we review them on a case-by-case basis, here are some of the common low-risk issues that typically do not earn a monetary reward:

  • URL redirection
  • Bugs requiring exceedingly unlikely user interaction
  • Logout cross-site request forgery
  • Flaws affecting the users of out-of-date browsers and plugins.
  • Presence of banner or version information
  • Email spoofing
  • DDoS

Mobile App

Our mobile apps are available at:

Reward range

Severity | Reward range
CRITICAL | 4 Points, 20,000,000 VND
HIGH | 3 Points, 10,000,000 VND - 15,000,000 VND
MEDIUM | 2 Points, 5,000,000 VND - 10,000,000 VND
LOW | 1 Point


In scope

Name Type Website
Vntrip Android app Android
Vntrip IOS app iOS

Out of scope

Name Type
test-* Website


99 reports accepted
60 reports rewarded

Latest hall of famers

Recently joined this program

  • qdoan95
  • Private Researcher
  • Private Researcher
  • Private Researcher
  • tvtuan
  • ndx100
  • xhunt3r
  • Private Researcher
  • Private Researcher
  • haxor07
  • jujingyi