Report bugs on GoDaddy's website

We offer a reward for any security bugs (defined below) reported to us that affect any of the following sites:

  • www.godaddy.com
  • sso.godaddy.com

Accepted bug types

You can a receive a bounty for submitting any of the following types of bugs:

  • Cross Site Scripting (XSS)
  • Authentication and Authorization Flaws
  • Cross Site Request Forgery (CSRF)
  • Remote Code Execution
  • SQL Injection
  • Directory Traversal
  • Click-jacking
  • Privilege Escalation

Send us the bug

  1. Visit https://cobalt.io/
  2. Click Sign in.
  3. Either log in to an existing account or click Become a Researcher on the bottom-right corner of the pop-up window and complete the fields.
  4. Email us your Cobalt username to bug@godaddy.com.

    You will receive a confirmation email from Cobalt once we have added you to our program.
  5. After this confirmation, log in to your account and review the terms of the program located at https://cobalt.io/godaddy/godaddy-beta.
  6. Click Submit Vulnerability, and then submit the information.

Was This Article Helpful?
Thank You For Your Feedback
Glad we helped! Anything more we can do for you?
Sorry about that. How can we be more helpful?