| Scroll export button | ||||||||
|---|---|---|---|---|---|---|---|---|
|
| Info |
|---|
'This document provides information about Wildix Bug Bounty Program, including scope, eligibility, exclusions and rewards. Created: May 2023 Permalink: https://wildix.atlassian.net/wiki/x/AQAoCw |
| Table of Contents |
|---|
Objective
...
- Overusing automated tools
- DDoS/DoS attacks
- Spamming/Phishing attacks
- Accessible non-sensitive files and directories (e.g., README.TXT, CHANGES.TXT, robots.txt, .gitignore, etc.)
- Missing flags on cookies
- Missing HTTP security headers
- Clickjacking and issues only exploitable through clickjacking
- Missing SPF, DKIM, DMARC, and DMARC CAA records in the DNS zone
- Disabled DNSSEC
- Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no security impact
- Descriptive error messages and patch disclosure with no security impact
- Rate limiting or brute force issues
- Software version disclosure
- Outdated software
- Reporting known-vulnerable components without proof of exploitation
- General low-severity issues reported by automated scanners
...