DataparkSearch Security Bug Bounty Program

Our bug bounty program for DataparkSearch is intended to promote security research of DataparkSearch and to help with the continuing process of keeping DataparkSearch it secure, as this software that we use.


  • The bug must not have been previously reported.
  • The bug must be in the most recently released version.
  • You must not have created the buggy code or are in anyway involved in the creation of it.

DataparkSearch Bounties

  • Remote execution of arbitrary PHP code: US$500
  • Remote malicious file inclusion: US$500
  • Remote SQL Injection that allows reading or modifying the database: US$250
  • Persistent cross-site scripting (XSS): US$250
  • Reflective cross-site scripting (XSS): US$100
  • DOM-based cross-site scripting (XSS): US$100


To receive the bounty you need to mention the bounty program when you first contact the DataparkSearch developer about the bug and they need to acknowledge that. If you provide us details of the bug before the developer has had a chance to review the report then the security bug will not be eligible for a bounty. Once that has been completed you will also need to provide enough information for us to recreate the exploitation of the bug. The bounty will be paid via PayPal. The bounty can also be donated to a charity of your choice.