ZNetLive invites you (Independent security groups, individual researchers, ethical hacking professionals, etc.) to study ZNetLive from all the aspects, on all the platforms and help us to make it most secure for our customers. Please alert us about any potential vulnerabilities or security flaws that you find. You would be suitably rewarded for your efforts.
We expect all the researchers to follow the following guidelines:
Report your finding by writing to us directly at firstname.lastname@example.org without making any information public. We will confirm receipt within 72 working hours after submission.
Keep the information about any vulnerability or security flaw you've discovered confidential between you and ZNetLive until we have resolved the problem.
Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing.
Please note that Host header injections are out of scope and are not covered in this program.
Please share the proper sequence of steps with POC video to replicate the issue.
Perform research only within the scope of these guidelines.
If you follow these guidelines when reporting an issue to us, ZNetLive commits to:
Following bugs or issues will not be considered under the bug bounty program:
Website URL: www.znetlive.com
Remote code execution
Cross Site Forgery Protection
Cross Site Scripting*
Cross-Site Script Inclusion
Flaws in Authentication/Authorizations
Denial of Service
Things we do not want to receive:
Personally identifiable information (PII)
Credit card holder data
*For XSS related issues, we will only provide an appreciation certificate.
If you believe that you have found a security vulnerability or a potential flaw in any of our products/services or platforms, please report it to us by emailing at email@example.com.
Please include the following details in your report:
Description of the location and potential impact of the vulnerability
A detailed description of the steps required to reproduce the vulnerability – POC scripts, screenshots, and compressed screen captures will all be helpful to us.
Your name/handle and a link for recognition.
ZNetLive requests that you adhere to our simple Disclosure Policy:
Kindly include the following details in your report:
Please avoid privacy violations, and do not destroy data or hinder our regular services.
The vulnerability or the bug must be original and previously un-reported. Thus, only the first reporter will be get benefit of the program.
Employees of ZNetLive, their close relatives (parents, siblings, children or spouse), ZNetLive business partners, agencies, alliances and their employees are not eligible for ZNetLive Bug Bounty Program.
We reserve the right to change the rules or cancel this program at any time.
Consideration for the bugs with serious security implications will be on case-to-case basis.
An official letter from ZNetLive will be issued to the bug reporter certifying the contribution towards our security. The letter will be generic and without mention of the vulnerability.