Bug Bounty Program by IEMLabs
Hunt for bugs in our system and get awarded with Hall of Fame’s and Exciting Rewards
Scope Area's
In Scope
- Remote Code Execution (RCE)
- Web Shell Injection
- Different types of Injections (SQLi, XSS, XXE, OS command, LDAP etc.)
- Security Misconfiguration
- Sensitive Data Exposure
- Components with Known Vulnerabilities
- Authentication bypass
- Insecure direct object references
Out of Scope
- Reflected Cross Site Scripting (Self Xss)
- Descriptive error messages (e.g. stack traces, application or server errors).
- Misconfigured or lack of SPF records
- Out of date software versions
- Content Spoofing
- Vulnerabilities that are limited to unsupported browsers will not be accepted. Exploit must work at least on > IE 8.
- .htaccess downloadable file without a real security misconfiguration that can have security impact Login page or one of our websites over HTTP.
- Clickjacking or any issue exploitable through clickjacking Vulnerabilities in our 3rd party partners source code on which we don’t have any control regarding the fix. This vulnerability should be directly reported to the 3rd party host (e.g. Hubspot).
- Lack of Secure and HTTP Only flags.
- Weak SSL related issues
- Username / Email enumeration
- Cross Origin Resource Sharing (CORS) issues without a working Proof of Concept (POC)
- Denial of Services (DOS)
- Social Engineering Attacks
- Cross Site Request Forgery (CSRF) in Contact form
- Parameter Tampering in Payment Gateway
Submission Form
Our Certifications
Our Accreditation
Our Memberships
