An automated shopping cart migration service, Cart2Cart has been launched in 2009. Since that time, it is a hand of help for thousands of merchants who want to change their e-Commerce solutions. Service supports over 55 platforms including world’s most popular shopping carts like Magento, WooCommerce, PrestaShop, Shopify. Users can perform migration having no programming skills and only in a few hours. We appreciate our clients attention and always try to do our best to provide security of data provided for the transfer.

However, there is no limit to perfection, and Cart2Cart would like to announce the award for noticed errors and vulnerabilities on our service.

What Vulnerabilities Will Be Qualified as Reward-Deserving?

  1. Arbitrary code execution: allows attacker to execute any commands on our server and get access to data of our service.
  2. SQL-injection: one of the most popular method of websites and programs cracking that deals with data based on SQL-code injection in request.
  3. Authentication flaw or data leak: in cases of impersonation.
  4. Cross-site scripting: a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.

Errors connected with UI and inaccuracy in display of statistics or reports will not be applied for a reward.
Please note, all your actions which are connected with vulnerability search don't have to influence on site performance or damage it. The amount of reward will be determined by Cart2Cart team and credited to your Cart2Cart account.

How to Report about Noticed Vulnerability?

To report a vulnerability, contact Cart2Cart Support Team and provide us a detailed instructions on how to reproduce the problem and how it can influence on our site. Technical specialists will review your message and decide on the criticality of the error. If the instruction is not followed, you may be denied in a reward.