Report Security Issues

If you've found a security vulnerability on orzz.us, we encourage you to message us immediately. We will review all legitimate vulnerability reports and do our utmost to quickly resolve the matter. Before reporting any issue, please review this document, including the fundamentals, bounty program, reward guidelines, and reporting examples.

Fundamentals
You are required to follow the guidelines below when reporting a security issue to shaunsees.com. We will not initiate a lawsuit or enforcement investigation against you in response to your report.


We ask that:

1. Your request will be processed in 15 business days. Please do not make any information public before this period has passed.

2. You should make a good faith effort to avoid privacy violations and disruptions to others, including (but not limited to) destruction, interruption, or degradation of our services.

3. You should not exploit a security issue you discover, for any reason. (This includes demonstrating additional risk, such as attempting to compromise sensitive company data or trying to hunt out additional issues.)

4. You should not violate applicable laws or regulations.

Bounty Program
We recognize and reward security researchers who help us keep the internet safe by reporting vulnerabilities in our services. Monetary bounties for such reports are entirely at shaunsees.com's discretion, based on risk, impact, and other factors. To potentially qualify for a bounty, you must first meet the following requirements:

1. Adhere to our fundamentals (see above)

2. Report a security bug: that is, identify a vulnerability in our services or infrastructure that creates a security or privacy risk. (Note that we ultimately determine the risk of an issue and which bugs are security issues.)

3. Submit your report via support@orzz.us; please do not contact our employees directly.

4. If you inadvertently cause a privacy violation or disruption (such as accessing account data, service configurations, or other confidential information) while investigating, disclose this in your report.

5. We investigate and answer all valid reports we receive, but we prioritize evaluations based on risk and other factors, and it can take time before you receive a reply.

6. We reserve the right to publish reports.

Rewards
We support our freelance community, which works hard to make the internet a safe space for everyone. Our reward program is based on the vulnerabilities you find. We will be updating the program over time based on your feedback. We encourage you to give us feedback on any of the programs.

1. Please provide detailed reports with reproducible steps. If the report isn't detailed enough to address the matter, it won't be eligible for a bounty.

2. If two or more parties report the same error, we will award the bounty on a first-come basis and according to how reproducible the steps of each report are.

3. Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.

4. We determine the bounty reward based on a number of things, including (but not limited to) impact, ease of exploitation, and quality of the report. We specifically note the bounty rewards; these are listed below.

5. Amounts below are the maximum we'll pay per level. We aim to be fair; all reward amounts are at our discretion.

Critical Severity Vulnerabilities ($200): Vulnerabilities that cause a privilege escalation on the platform from unprivileged to admin, allow remote code execution, financial theft, etc.

Examples:

High Severity Vulnerabilities ($100)

-Remote Code Execution
-Remote Shell/Command Execution
-Vertical Authentication bypass
-SQL Injection that leaks targeted data
-Get full access to accounts
-High severity Vulnerabilities ($100): Vulnerabilities that affect the platform including the processes it supports.

Medium Severity Vulnerabilities ($50)

-Lateral authentication bypass
-Disclosure of important information within
-Stored XSS for user
-Local file inclusion
-Insecure handling of authentication cookies
-Medium severity Vulnerabilities ($50): Vulnerabilities that affect multiple users and require little or no user interaction to trigger.

Low Severity Vulnerabilities

-Common logic design flaws and business process defects
-Insecure Direct Object References
-Low severity Vulnerabilities: Issues that affect singular users and require interaction or significant prerequisites (MITM) to trigger.

Other Low Sensitivity Information Leaks:

-Open redirect
-Reflective XSS
-Low sensitivity Information leaks

Thanks for shopping with confidence!

Customer Support: 24/7

Email: support@orzz.us
Phone: +337 57 13 97 72
Address: 3 rue des Dunes, 35400 Saint-malo, France