Hunt for bugs in our system and get awarded with Hall of Fame recognition and Exciting Rewards
About the Program
Bug Bounty Program by IEMLabs is an initiative to encourage young talents in the field of Cyber Security to find and report critical vulnerabilities. We invite all Ethical Hackers and Cyber Security Professionals to participate in our Bug Bounty Program and raise the standard of the Cyber Security industry. A researcher who successfully finds and reports a vulnerability will be awarded a “Hall of Fame Certificate” and “Exciting Goodies” from IEMLabs.
Remote Code Execution (RCE)
Web Shell Injection
Different types of Injections (SQLi, XSS, XXE, OS command, LDAP etc.)
Sensitive Data Exposure
Components with Known Vulnerabilities
Insecure direct object references
Out of Scope
Reflected Cross Site Scripting (Self XSS)
Descriptive error messages (e.g. stack traces, application or server errors).
Misconfigured or lack of SPF records
Out of date software versions
Vulnerabilities that are limited to unsupported browsers will not be accepted. Exploit must work at least on > IE 8.
.htaccess downloadable file without a real security misconfiguration that can have security impact
Login page or one of our websites over HTTP.
Clickjacking or any issue exploitable through clickjacking
Vulnerabilities in our 3rd party partners source code on which we don’t have any control regarding the fix. This vulnerability should be directly reported to the 3rd party host (e.g. Hubspot).
Lack of Secure and HttpOnly cookie flags.
Weak SSL related issues
Username / Email enumeration
Cross Origin Resource Sharing (CORS) issues without a working Proof of Concept (POC)