{"id":2100,"date":"2021-12-06T10:49:09","date_gmt":"2021-12-06T10:49:09","guid":{"rendered":"https:\/\/zebpay.com\/in\/?page_id=2100"},"modified":"2024-08-23T02:34:17","modified_gmt":"2024-08-23T02:34:17","slug":"bug-bounty","status":"publish","type":"page","link":"https:\/\/zebpay.com\/in\/bug-bounty","title":{"rendered":"Bug bounty"},"content":{"rendered":"<div class=\"breadcrumbs wow animate__fadeInUp wp-block-bcn-breadcrumb-trail\" vocab=\"https:\/\/schema.org\/\" typeof=\"BreadcrumbList\">\n\t<span><\/span>\n\t<span property=\"itemListElement\" typeof=\"ListItem\"><a property=\"item\" typeof=\"WebPage\" title=\"Go to Home.\" href=\"https:\/\/zebpay.com\/in\" class=\"home\" ><span property=\"name\">Home<\/span><\/a><meta property=\"position\" content=\"1\"><\/span><span class=\"separator\"><\/span><span property=\"itemListElement\" typeof=\"ListItem\"><a property=\"item\" typeof=\"WebPage\" title=\"Go to Blog.\" href=\"https:\/\/zebpay.com\/in\/blog\" class=\"post-root post post-post\" aria-current=\"page\"><span property=\"name\">Blog<\/span><\/a><meta property=\"position\" content=\"2\"><\/span><\/div>\n\n\n<div class=\"lazyblock-page-banner-Z1Bt5aE bug-bounty-banner wow animate__fadeInUp wp-block-lazyblock-page-banner\"><div class=\"container container--large\">\r\n    <div class=\"banner__row banner__row--gray\">\r\n        <div class=\"banner__copy banner__copy--normal banner__copy--left banner__copy--img\">\r\n            \n\n<h1 class=\"wp-block-heading banner-heading\" id=\"help-us-secure-zebpay\">Help us secure <strong>ZebPay<\/strong><\/h1>\n\n\n\n<h5 class=\"wp-block-heading normal\" id=\"at-zebpay-we-highly-value-security-and-our-ultimate-goal-is-to-ensure-an-incident-free-experience-therefore-we-encourage-independent-security-researchers-to-submit-vulnerabilities-via-our-responsible-disclosure-program-individuals-will-be-suitably-rewarded-for-the-same\">At ZebPay we highly value security and our ultimate goal is to ensure an incident-free 
experience. Therefore, we encourage independent security researchers to submit vulnerabilities via our responsible disclosure program. Individuals will be suitably rewarded for the same.<\/h5>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\"><\/div>\n\n        <\/div>\r\n                    <div class=\"banner__img banner__img--right banner_img_size--\">\r\n                <img decoding=\"async\" width=\"369\" height=\"315\" src=\"https:\/\/zebpay.com\/in\/wp-content\/uploads\/2021\/12\/bug-bounty.png\" class=\"attachment-full size-full\" alt=\"\" srcset=\"https:\/\/zebpay.com\/in\/wp-content\/uploads\/2021\/12\/bug-bounty.png 369w, https:\/\/zebpay.com\/in\/wp-content\/uploads\/2021\/12\/bug-bounty-300x256.png 300w\" sizes=\"(max-width: 369px) 100vw, 369px\" \/>            <\/div>\r\n        \r\n                        <\/div>\r\n<\/div><\/div>\n\n<div class=\"lazyblock-section-HdPvi bug-bounty-highlight wp-block-lazyblock-section\"><div class=\"block-section\">\r\n    <div class=\"container container--medium \">\r\n        \n\n<div class=\"wp-block-columns are-vertically-aligned-top is-layout-flex wp-container-core-columns-is-layout-1 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-vertically-aligned-top is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<figure class=\"wp-block-image size-full is-resized is-style-default\"><img decoding=\"async\" width=\"134\" height=\"134\" src=\"https:\/\/zebpay.com\/in\/wp-content\/uploads\/2021\/12\/thank-you.png\" alt=\"\" class=\"wp-image-2111\" style=\"width:70px;height:70px\"\/><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-vertically-aligned-top is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<h2 class=\"wp-block-heading\" id=\"thank-you-for-all-that-you-do\">Thank you for all that you do<\/h2>\n\n\n\n<p>On behalf of over 6 million+ ZebPay users, we would like to express our heartfelt gratitude 
to all those listed in our Hall of Fame for their efforts in keeping the platform secure. We look forward to your continued participation in our Bug Bounty Program.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button leaderboard-btn\"><a class=\"wp-block-button__link wp-element-button\">View Leaderboard<\/a><\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-columns are-vertically-aligned-top is-layout-flex wp-container-core-columns-is-layout-2 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-vertically-aligned-top is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<figure class=\"wp-block-image size-full is-resized is-style-default\"><img decoding=\"async\" width=\"134\" height=\"134\" src=\"https:\/\/zebpay.com\/in\/wp-content\/uploads\/2021\/12\/targets.png\" alt=\"\" class=\"wp-image-2112\" style=\"width:134px;height:134px\"\/><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-vertically-aligned-top is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<h2 class=\"wp-block-heading\" id=\"targets\">Targets<\/h2>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"public-urls\">Public URLs<\/h4>\n\n\n\n<ul>\n<li><a href=\"https:\/\/www.zebapi.com\/api\/v1\/\" target=\"_blank\" rel=\"noreferrer noopener\">\/\/www.zebapi.com\/api\/v1\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/charts.zebpay.com\/\" data-type=\"URL\" data-id=\"https:\/\/charts.zebpay.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">\/\/charts.zebpay.com\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.zebapi.com\/api\/v1\/market\/\" target=\"_blank\" rel=\"noreferrer noopener\">\/\/www.zebapi.com\/api\/v1\/market\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/connect.zebpay.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">\/\/connect.zebpay.com<\/a><\/li>\n\n\n\n<li><a 
href=\"https:\/\/connect.zebpay.com\/account\/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Deee7baaa-9d6c-43f1-9eb6-8174f62cd244%26redirect_uri%3Dhttps%253A%252F%252Fweb.zebpay.com%252Fsignin-oidc%26response_type%3Did_token%2520token%26scope%3Dopenid%2520profile%2520wallet%253Atransactions%253Aread%2520wallet%253Aaddress%253Aread%2520wallet%253Aaddress%253Acreate%2520wallet%253Atransactions%253Asend%2520trade%253Aread%2520trade%253Acreate%2520payment%253Aget%253Adata%26response_mode%3Dform_post%26nonce%3D637745538308879464.OWRiNWY3ODMtOTVmZS00MDVhLThkM2ItYjA3OWIyYTQxNjM2ZDE3ODExYzYtMDg1NC00ODNlLWJiYzAtNWI4MjVmNWZiNzZl%26state%3DCfDJ8BLpXCyXoWdBlQxqnfY4qRUpBB5ksbKwb4wfQWOEp668iVfDbCvaznMSMbf4zaIU5RUymurwH4ZrJG6-aFlHEJ6Q6sSKRwWERlXA_U0DjgBMKyQUkx5zKCF-79iKG2GcSjWjJmYjvc5L0dmMm1poJSDr0L5ZZeosxQHVUcv4etHB-sMN-flxZD7Iv3AGo8LkSTzq4KRnGajkriP1xmRIeyHHaHA0r_NC_tkSj55KCWy6Sk3lhekVpccky_1kXiSPUnu1Ym4VfQ9Dw1DHlARATi8suz_O7_BBbMJBdrn9M43Q%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0\" target=\"_blank\" rel=\"noreferrer noopener\">\/\/web.zebpay.com<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/pro.zebpay.com\/trade\/trade-pair\" target=\"_blank\" rel=\"noreferrer noopener\">\/\/pro.zebpay.com\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/build.zebpay.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">\/\/build.zebpay.com\/<\/a><\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button android-btn\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/play.google.com\/store\/apps\/details?id=zebpay.Application&amp;hl=en_SG&amp;gl=US\" target=\"_blank\" rel=\"noreferrer noopener\">Android App<\/a><\/div>\n\n\n\n<div class=\"wp-block-button ios-btn\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/apps.apple.com\/in\/app\/zebpay-crypto-exchange\/id944854686\" target=\"_blank\" rel=\"noreferrer noopener\">iOS 
App<\/a><\/div>\n<\/div>\n<\/div>\n<\/div>\n\n    <\/div>\r\n<\/div><\/div>\n\n<div class=\"lazyblock-section-ZJPyFH leaderboard-popup wp-block-lazyblock-section\"><div class=\"block-section\">\r\n    <div class=\"container container--medium \">\r\n        \n<div class=\"lazyblock-icon-list-ZY6sbu wp-block-lazyblock-icon-list\"><div class=\"ics__icon__list\">\r\n            <div class=\"ics__icon__item\">\r\n                            <div class=\"ics__icon__item__icon\">\r\n                    <img decoding=\"async\" width=\"640\" height=\"640\" src=\"https:\/\/zebpay.com\/in\/wp-content\/uploads\/2021\/12\/close.svg\" class=\"attachment-large size-large\" alt=\"\" \/>                <\/div>\r\n                                <\/div>\r\n    <\/div><\/div>\n\n\n<h2 class=\"wp-block-heading has-text-align-center\" id=\"zebpay-s-hall-of-fame-2020\">Zebpay\u2019s Hall of Fame 2020<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th>Date<\/th><th>Bounty Winners<\/th><th>Issue Status<\/th><th>Bounty<\/th><th>Points<\/th><th>Twitter Profiles<\/th><\/tr><\/thead><tbody><tr><td>Mar 2019<\/td><td>Tarikul Islam<\/td><td>Fixed<\/td><td>$100<\/td><td>180<\/td><td><a href=\"https:\/\/twitter.com\/sa1tama0\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/twitter.com\/sa1tama0<\/a><\/td><\/tr><tr><td>Mar 2019<\/td><td>Sameer Phad<\/td><td>Fixed<\/td><td>HoF<\/td><td>60<\/td><td><a href=\"https:\/\/twitter.com\/sameerphad72\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/twitter.com\/sameerphad72<\/a><\/td><\/tr><tr><td>Mar 2019<\/td><td>Sajid Ali<\/td><td>Fixed<\/td><td>$50<\/td><td>120<\/td><td><a href=\"https:\/\/twitter.com\/Esss_ayy\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/twitter.com\/Esss_ayy<\/a><\/td><\/tr><tr><td>Mar 2019<\/td><td>Venkata Sateesh Netti<\/td><td>Fixed<\/td><td>$300<\/td><td>240<\/td><td><a href=\"https:\/\/twitter.com\/str4n63r\" target=\"_blank\" rel=\"noreferrer 
noopener\">https:\/\/twitter.com\/str4n63r<\/a><\/td><\/tr><tr><td>Aug 2019<\/td><td>Monika Babariya<\/td><td>Fixed<\/td><td>$100<\/td><td>180<\/td><td> <a rel=\"noreferrer noopener\" href=\"https:\/\/twitter.com\/str4n63r\" target=\"_blank\">https:\/\/twitter.com\/str4n63r<\/a> <\/td><\/tr><tr><td>Sep 2019<\/td><td>Simgamsetti Manikanta<\/td><td>Fixed<\/td><td>$50<\/td><td>120<\/td><td><a href=\"https:\/\/twitter.com\/zaheckmania\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/twitter.com\/zaheckmania<\/a><\/td><\/tr><tr><td>Nov 2019<\/td><td>Arjun Singh<\/td><td>Fixed<\/td><td>$50<\/td><td>120<\/td><td><a href=\"https:\/\/twitter.com\/arjun49592602\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/twitter.com\/arjun49592602<\/a><\/td><\/tr><tr><td>Feb 2020<\/td><td>Anabelle<\/td><td>Fixed<\/td><td>HoF<\/td><td>60<\/td><td><a href=\"https:\/\/twitter.com\/Anabell92256827\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/twitter.com\/Anabell92256827<\/a><\/td><\/tr><tr><td>Mar 2020<\/td><td>MelarDev<\/td><td>Fixed<\/td><td>$250<\/td><td>240<\/td><td><a href=\"https:\/\/twitter.com\/melardev\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/twitter.com\/melardev<\/a><\/td><\/tr><tr><td>Apr 2020<\/td><td>Priyanka Bamne<\/td><td>Fixed<\/td><td>Swag<\/td><td>120<\/td><td><a href=\"https:\/\/twitter.com\/PriyankaBamne\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/twitter.com\/PriyankaBamne<\/a><\/td><\/tr><tr><td>Apr 2020<\/td><td>Jagadeesh G<\/td><td>Fixed<\/td><td>Swag<\/td><td>120<\/td><td><a href=\"https:\/\/twitter.com\/someendpoint\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/twitter.com\/someendpoint<\/a><\/td><\/tr><tr><td>May 2020<\/td><td>Abhijeet Jain<\/td><td>Fixed<\/td><td>Swag<\/td><td>120<\/td><td><a href=\"https:\/\/twitter.com\/seecure963\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/twitter.com\/seecure963<\/a><\/td><\/tr><\/tbody><\/table><\/figure>\n\n    
<\/div>\r\n<\/div><\/div>\n\n<div class=\"lazyblock-section-Z1nQuoF bug-bounty-accordion wp-block-lazyblock-section\"><div class=\"block-section\">\r\n    <div class=\"container container--large \">\r\n        \n<div class=\"lazyblock-custom-accordion-icon-1GkCo0 wp-block-lazyblock-custom-accordion-icon\"><div class=\"custom-accordion-with-icon\">\r\n         \r\n    <div class=\"custom-heading\">\r\n        <h2><\/h2>\r\n    <\/div>\r\n        <div id=\"accordion\" class=\"accordion-section\">\r\n                <div class=\"accordion-row\">\r\n                <div class=\"acc-title\">   \r\n                                            \r\n                        <span>\r\n                            <img decoding=\"async\" width=\"24\" height=\"24\" src=\"https:\/\/zebpay.com\/in\/wp-content\/uploads\/2021\/11\/Overview.svg\" class=\"attachment-full size-full\" alt=\"\" \/>                        <\/span>\r\n                                        <h6>\r\n                    How to report the bug?<\/h6>\r\n                <\/div>\r\n                <div class=\"acc-content\"><ul>\n<li><span style=\"font-weight: 400;\">Send it to security@zebpay.com <\/span><\/li>\n<li>Points to consider: <br \/>(Please use English when submitting the report)<br \/>(Share the PoC attachments via a Google Drive or Dropbox link)<br \/>(Describe your testing methodology in the report in as much detail as possible)<\/li>\n<\/ul><\/div>\r\n            <\/div>\r\n                <div class=\"accordion-row\">\r\n                <div class=\"acc-title\">   \r\n                                            \r\n                        <span>\r\n                            <img decoding=\"async\" width=\"23\" height=\"28\" src=\"https:\/\/zebpay.com\/in\/wp-content\/uploads\/2021\/12\/rules.svg\" class=\"attachment-full size-full\" alt=\"\" \/>                        <\/span>\r\n                                        <h6>\r\n                    What should be in your bug report?<\/h6>\r\n         
       <\/div>\r\n                <div class=\"acc-content\"><p><span style=\"font-weight: 400;\">The bug report should contain sufficient information pertaining to the bug description, testing methodology used and endpoints in the testing environment. This will help our internal security team to triage the bug faster.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The following should be added to make it a qualifying bug report :\u00a0<\/span><\/p>\n<ul>\n<li><span style=\"font-weight: 400;\">* A clear description of the bug.<\/span><\/li>\n<li>* The specific product version and environment in which the bug was found.<\/li>\n<li>* Sample Code (if required).<\/li>\n<\/ul><\/div>\r\n            <\/div>\r\n                <div class=\"accordion-row\">\r\n                <div class=\"acc-title\">   \r\n                                            \r\n                        <span>\r\n                            <img decoding=\"async\" width=\"24\" height=\"24\" src=\"https:\/\/zebpay.com\/in\/wp-content\/uploads\/2021\/11\/Security-First.svg\" class=\"attachment-full size-full\" alt=\"\" \/>                        <\/span>\r\n                                        <h6>\r\n                    What happens next?<\/h6>\r\n                <\/div>\r\n                <div class=\"acc-content\"><ul>\n<li><span style=\"font-weight: 400;\">A member of our staff will get back to you as soon as they receive your report.<\/span><\/li>\n<li>Don&#8217;t be afraid to send the report again if you sent it by email and don&#8217;t hear back within a<span style=\"font-weight: 400;\"> few days<\/span><span style=\"font-weight: 400;\">. 
This could mean that a spam filter has blocked your email.<\/span><\/li>\n<\/ul><\/div>\r\n            <\/div>\r\n                <div class=\"accordion-row\">\r\n                <div class=\"acc-title\">   \r\n                                            \r\n                        <span>\r\n                            <img decoding=\"async\" width=\"26\" height=\"26\" src=\"https:\/\/zebpay.com\/in\/wp-content\/uploads\/2022\/06\/icon-referral.svg\" class=\"attachment-full size-full\" alt=\"\" \/>                        <\/span>\r\n                                        <h6>\r\n                    Which bugs qualify for a bounty?<\/h6>\r\n                <\/div>\r\n                <div class=\"acc-content\"><p><span style=\"font-weight: 400;\">Bugs must be original and previously unreported in order to qualify for the bounty. If two or more researchers submit the same bug, the researcher who submitted their report first will receive the bounty.<\/span><\/p><\/div>\r\n            <\/div>\r\n                <div class=\"accordion-row\">\r\n                <div class=\"acc-title\">   \r\n                                            \r\n                        <span>\r\n                            <img decoding=\"async\" width=\"45\" height=\"45\" src=\"https:\/\/zebpay.com\/in\/wp-content\/uploads\/2022\/02\/icon__52.svg\" class=\"attachment-full size-full\" alt=\"\" \/>                        <\/span>\r\n                                        <h6>\r\n                    How long does the triaging take?<\/h6>\r\n                <\/div>\r\n                <div class=\"acc-content\"><p><span style=\"font-weight: 400;\">Every software bug is different and requires a different amount of time to triage and resolve, so we can&#8217;t guarantee how long it will take to fix one. 
We always try to resolve problems as quickly as we can, and we&#8217;ll keep you informed every step of the way.<\/span><\/p><\/div>\r\n            <\/div>\r\n                <div class=\"accordion-row\">\r\n                <div class=\"acc-title\">   \r\n                                            \r\n                        <span>\r\n                            <img decoding=\"async\" width=\"20\" height=\"20\" src=\"https:\/\/zebpay.com\/in\/wp-content\/uploads\/2021\/12\/Qualifying-vulnerabilities.svg\" class=\"attachment-full size-full\" alt=\"\" \/>                        <\/span>\r\n                                        <h6>\r\n                    What types of bugs are we looking for?<\/h6>\r\n                <\/div>\r\n                <div class=\"acc-content\"><ul>\n<li><span style=\"font-weight: 400;\">Security issues that directly affect a cryptocurrency and\/or its components (e.g. blockchain, node, wallet)<\/span><\/li>\n<li>Vulnerabilities that can remotely cause a loss of users\u2019 funds\/assets.<\/li>\n<li>Vulnerabilities that expose private keys or other sensitive data.<\/li>\n<li>Vulnerabilities in chain-related implementations<\/li>\n<li>Insecure cryptographic implementation for sensitive functions such as wallet generation, transaction signing, etc.<\/li>\n<li>Business logic issues<\/li>\n<li>Payments manipulation<\/li>\n<li>Remote code execution (RCE)<\/li>\n<li>Database vulnerabilities, SQL injection (SQLi)<\/li>\n<li>File inclusions (Local &amp; Remote)<\/li>\n<li>Access Control Issues (IDOR, Privilege Escalation, etc.)<\/li>\n<li>Leakage of sensitive information<\/li>\n<li>Server-Side Request Forgery (SSRF)<\/li>\n<li>Other vulnerabilities with a clear potential for loss<\/li>\n<\/ul><\/div>\r\n            <\/div>\r\n                <div class=\"accordion-row\">\r\n                <div class=\"acc-title\">   \r\n                                            \r\n                        <span>\r\n         
                   <img decoding=\"async\" width=\"28\" height=\"28\" src=\"https:\/\/zebpay.com\/in\/wp-content\/uploads\/2021\/12\/Non-Qualifying-vulnerabilities.svg\" class=\"attachment-full size-full\" alt=\"\" \/>                        <\/span>\r\n                                        <h6>\r\n                    Ineligible issues (Will be closed as out of scope):<\/h6>\r\n                <\/div>\r\n                <div class=\"acc-content\"><ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Theoretical vulnerabilities without actual proof of concept<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Links to invalid\/expired pages (Only valid if you can demonstrate an actual takeover of an official Zebpay social media account linked to on every page, not just specific past announcements\/blog posts)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Invalid or missing SPF (Sender Policy Framework) records (incomplete or missing SPF\/DKIM\/DMARC)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">CSRF with negligible security impact (E.g. 
adding to favourites, adding to cart, subscribing to a non critical feature)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Assets that do not belong to Zebpay<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Missing security headers that do not lead to direct exploitation<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Exposure of internal IP address or domains<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Internally known issues, duplicate issues, or issues which have already been made public<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Vulnerabilities that require physical access to a user&#8217;s device<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Issues that have no security impact (E.g. 
Failure to load a web page)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Vulnerabilities only exploitable on out-of-date browsers or platforms<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Email verification deficiencies, expiration of password reset links, and password complexity policies<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Reports from automated tools or scans<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Vulnerabilities related to auto-fill web forms<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Issues related to unsafe SSL\/TLS cipher suites or protocol version<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Lack of security flags in cookies<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Any activity (like DoS\/DDoS) that disrupts our services<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Email or mobile enumeration (E.g. 
the ability to identify emails via password reset)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Vulnerabilities that require root\/jailbreak<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Self-XSS<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Cache-control related issues<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Installation Path Permissions<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use of known vulnerable libraries without actual proof of concept<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Information disclosure with minimal security impact (E.g. stack traces, path disclosure, directory listings, logs)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Content spoofing<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Tab-nabbing<\/span><\/li>\n<li aria-level=\"1\">Disclosure of information that does not present a significant risk.<\/li>\n<li aria-level=\"1\">Clickjacking \/ UI redressing.<\/li>\n<li aria-level=\"1\">Issues that require unlikely user interaction.<\/li>\n<\/ul><\/div>\r\n            <\/div>\r\n                <div class=\"accordion-row\">\r\n                <div class=\"acc-title\">   \r\n                                            \r\n                        <span>\r\n                            <img decoding=\"async\" width=\"26\" height=\"26\" src=\"https:\/\/zebpay.com\/in\/wp-content\/uploads\/2021\/12\/competition.svg\" class=\"attachment-full size-full\" alt=\"\" \/>                        <\/span>\r\n                                        <h6>\r\n                    Reward Guidelines<\/h6>\r\n                <\/div>\r\n            
    <div class=\"acc-content\"><p><span style=\"font-weight: 400;\">Our general payout ranges from $100 to $1000, depending on the severity of the bug. The payout amount is decided by the Security team at Zebpay, and the team&#8217;s decision is final.<\/span><\/p><\/div>\r\n            <\/div>\r\n            <\/div>\r\n<\/div><\/div>\n    <\/div>\r\n<\/div><\/div>","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"_ayudawp_aiss_exclude":false,"footnotes":""},"acf":[],"_links":{"self":[{"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/pages\/2100"}],"collection":[{"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/comments?post=2100"}],"version-history":[{"count":1,"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/pages\/2100\/revisions"}],"predecessor-version":[{"id":28875,"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/pages\/2100\/revisions\/28875"}],"wp:attachment":[{"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/media?parent=2100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}