HackerOne · VDP

Mars Vulnerability Disclosure Program

Complete guide to Mars's vulnerability disclosure program on HackerOne. View in-scope assets, reward amounts, response times, and tips for finding vulnerabilities.

Program Overview

Mars runs a vulnerability disclosure program on HackerOne. The program has 110 in-scope assets and is managed by HackerOne's triage team.

In-Scope Assets: 110
Avg Response: 7h
Efficiency: 98%
Avg Resolve: 26d

In-Scope Assets

| Asset | Type | Max Severity | Eligible |
|---|---|---|---|
| *.banfield.com | WILDCARD | Critical | No Bounty |
| *.banfieldassets.com | WILDCARD | Critical | No Bounty |
| *.bibliotecarc.cl | WILDCARD | Critical | No Bounty |
| *.bluepearlvet.com | WILDCARD | Critical | No Bounty |
| *.cloud-effem.com | WILDCARD | Critical | No Bounty |
| *.coroapremiada.com.br | WILDCARD | Critical | No Bounty |
| *.dovechocolate.com | WILDCARD | Critical | No Bounty |
| *.effem.com | WILDCARD | Critical | No Bounty |
| *.eukanuba-gt.com | WILDCARD | Critical | No Bounty |
| *.eukanuba.com | WILDCARD | Critical | No Bounty |
| *.eukanuba.com.ar | WILDCARD | Critical | No Bounty |
| *.eukanubasportingdog.com | WILDCARD | Critical | No Bounty |
| *.extragum.com | WILDCARD | Critical | No Bounty |
| *.findroyalcanin.com | WILDCARD | Critical | No Bounty |
| *.hnlp.jp | WILDCARD | Critical | No Bounty |
| *.individualis.com | WILDCARD | Critical | No Bounty |
| *.indsight-royalcanin.com | WILDCARD | Critical | No Bounty |
| *.jornadasroyalcanin.com.ar | WILDCARD | Critical | No Bounty |
| *.mars-dna.com | WILDCARD | Critical | No Bounty |
| *.mars.com | WILDCARD | Critical | No Bounty |
| *.marschocolate.com | WILDCARD | Critical | No Bounty |
| *.meetmynewpet.com | WILDCARD | Critical | No Bounty |
| *.miroyalcanin.cl | WILDCARD | Critical | No Bounty |
| *.miroyalcanin.com.ar | WILDCARD | Critical | No Bounty |
| *.mivetshop.com.ar | WILDCARD | Critical | No Bounty |
| *.mms.com | WILDCARD | Critical | No Bounty |
| *.momentosroyalcanin.com | WILDCARD | Critical | No Bounty |
| *.moncse-royalcanin-siege.com | WILDCARD | Critical | No Bounty |
| *.monespaceeleveur.fr | WILDCARD | Critical | No Bounty |
| *.monespacetoiletteur.com | WILDCARD | Critical | No Bounty |
| *.monespaceveto.com | WILDCARD | Critical | No Bounty |
| *.mycat2vet.my | WILDCARD | Critical | No Bounty |
| *.myroyalcanin.bg | WILDCARD | Critical | No Bounty |
| *.myroyalcanin.gr | WILDCARD | Critical | No Bounty |
| *.myroyalcanin.hr | WILDCARD | Critical | No Bounty |
| *.myroyalcanin.hu | WILDCARD | Critical | No Bounty |
| *.myroyalcanin.ro | WILDCARD | Critical | No Bounty |
| *.myroyalcanin.si | WILDCARD | Critical | No Bounty |
| *.orbitgum.com | WILDCARD | Critical | No Bounty |
| *.pedigree.com | WILDCARD | Critical | No Bounty |
| *.plataformaurinary.com | WILDCARD | Critical | No Bounty |
| *.puntosroyaltyrc.com.co | WILDCARD | Critical | No Bounty |
| *.rcjapan.jp | WILDCARD | Critical | No Bounty |
| *.rcpracownik.pl | WILDCARD | Critical | No Bounty |
| *.royal-canin.by | WILDCARD | Critical | No Bounty |
| *.royal-canin.co.kr | WILDCARD | Critical | No Bounty |
| *.royal-canin.co.za | WILDCARD | Critical | No Bounty |
| *.royal-canin.com | WILDCARD | Critical | No Bounty |
| *.royalcanin-cp.jp | WILDCARD | Critical | No Bounty |
| *.royalcanin-pethealthday.com | WILDCARD | Critical | No Bounty |

Showing 50 of 110 in-scope assets. View all on HackerOne.

Tips for Hacking Mars

  1. Read the policy — Understand what's in scope, out of scope, and any specific testing restrictions before you start.
  2. Enumerate the attack surface — Use subdomain enumeration and directory bruteforcing to map all accessible endpoints.
  3. Focus on high-impact bugs — Look for SQL injection, SSRF, and IDOR vulnerabilities first.
  4. Test authentication flows — Check for OAuth misconfigurations and CSRF in login/signup flows.
  5. Write clear reports — Include steps to reproduce, impact assessment, and suggested remediation. Use Burp Suite to capture evidence.

Frequently Asked Questions

How do I start hacking Mars?

Sign up on HackerOne, read the program policy carefully, review the in-scope assets listed above, and start testing. Always stay within scope and follow responsible disclosure guidelines.

Does Mars pay bounties?

No, Mars runs a Vulnerability Disclosure Program (VDP) without monetary rewards. You may receive recognition or swag.

What types of vulnerabilities does Mars accept?

Mars accepts reports for vulnerabilities found in their 110 in-scope assets. Common accepted vulnerability types include XSS, SQL injection, SSRF, IDOR, authentication bypass, and RCE. Check the program policy for specific exclusions.