Bug bounty
Basic Rules:
A reward can be discussed only if you provide a proof of concept for the reported vulnerability.
A reward will be paid only after the vulnerability has been verified and confirmed by us.
Disclosure Policy:
You are strictly prohibited from disclosing any information about the vulnerability to anyone other than the owner.
Any use of a vulnerability to the detriment of the company or public disclosure of such a vulnerability will be prosecuted to the fullest extent of the law and will result in the forfeiture of any reward.
Please note that the following are not eligible for rewards:
1. Brute-force attacks, enumeration, and web scraping (these are not considered vulnerabilities in their own right).
2. Use of leaked data from external systems within our platform.
3. Phishing attacks.
4. Attacks that require full administrative access to a user’s account.
5. Vulnerabilities in third-party partner services or products that do not directly impact the security of our own services.
6. Session-related issues (e.g., session fixation, session prediction).
7. Alerts generated by automated security scanners or tools unless accompanied by a verified, real-world proof of exploitability.
8. Reports based solely on software or protocol versions without demonstrating actual impact or exploitation.
9. Reports about missing security mechanisms (e.g., absence of CSRF tokens) or non-compliance with best practices, unless they include demonstrable negative consequences.
10. Logout CSRF, self-XSS, UI redressing (framing), clickjacking.
11. Open redirect vulnerabilities (e.g., via `/away.php`).
Strictly Prohibited Activities:
- DDoS attacks
- Social engineering
- Gaining physical access to servers or infrastructure
- Threats or harm directed at company employees
How to Submit a Report:
Following these guidelines will significantly increase your chances of receiving a reward:
- Clearly specify the affected service or section.
- Identify the vulnerability type.
- Provide a working proof of concept, preferably with screenshots or a screencast.
- Describe the reproduction steps in detail.
- Explain the potential impact of the vulnerability.
- Suggest possible remediation measures (optional but appreciated).
Reward Amount:
The reward amount depends on the severity of the reported vulnerability and the potential damage it could cause to the company.