This is a dedicated test environment designed exclusively for security researchers participating in our Bug Bounty Program.
Please note:
🛑 No real orders can be placed! All products, transactions, and user data are purely fictional.
🔍 Your task is to identify and report security vulnerabilities within this shop. However, please ensure your testing adheres to our responsible disclosure policy.
🚫 Intrusive attacks such as DDoS, Brute Force, or any actions that disrupt system availability are strictly prohibited.
⚠️ Testing is only allowed on https://bountyshop.jtl-software.com. Any actions outside the website https://bountyshop.jtl-software.com are strictly forbidden. Attacks targeting other systems, services, or infrastructure will result in immediate disqualification from the program.
JTL Shop is open source. To test in your own JTL Shop instance, review the code, or test the JTL Shop admin backend or plugins, see our public GitLab repository:
https://gitlab.com/jtl-software/jtl-shop/
More information can be found on the Open Bug Bounty platform.
If you discover a vulnerability, please report it via Open Bug Bounty or send an email to security[at]jtl-software.com.
You can use this PGP key if you want to encrypt your message:
https://cdn.jtl-software.com/sec/security.public.pgp
Thank you for helping us improve security! 🚀