We consider the security of our Web Application a top priority.
But no matter how much effort we put into security, there can still be vulnerabilities present.
If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible.
We would like to ask you to help us better protect our clients and our site.
As a token of our gratitude for your assistance,
We offer Acknowledgement and Hall of Fame for every report of a security problem that was not yet known to us.
Do not take advantage of the vulnerability or problem you have discovered,
for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data,
Do not reveal the problem to others until it has been resolved,
Never use automated scanner.*
Don't test server or port other than 80, only application level vulneribility is accepted as bug.
Do not use attacks on physical security, social engineering,
distributed denial of service, spam or applications of third parties, and
Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible.
In scope url
Researchers are Only allowed to test above mentioned subdomain and domain.
Test only web application vulneribility, testing server is strictly prohibited.
It is strictly prohibited to exploit any found vulneribility on the system.
Clickjacking or any report without any proper possible exploit is not accepted as a valid report.
There are 10 hidden CTF flags on the site. Finders are listed below. You need to use web application pentesting skills to found those vulneribilities.
Please Don't use automated scanners. Automated tools are not going to help.