| Scroll export button | ||||||||
|---|---|---|---|---|---|---|---|---|
|
| Info |
|---|
'This document provides information about Wildix Vulnerability Reward Program ( Bug Bounty )Program, including scope, eligibility, exclusions and rewards. Created: May 2023 Updated: June 2024 Permalink: https://wildix.atlassian.net/wiki/x/AQAoCw |
| Warning |
|---|
Important: Please note that the email for sending vulnerability reports has changed to bugbounty@wildix.com. |
| Table of Contents |
|---|
Objective
...
- Overusing automated tools
- DDoS/DoS attacks
- Spamming/Phishing attacks
- Accessible non-sensitive files and directories (e.g., README.TXT, CHANGES.TXT, robots.txt, .gitignore, etc.)
- Missing flags on cookies
- Missing HTTP security headers
- Clickjacking and issues only exploitable through clickjacking
- Missing SPF, DKIM, DMARC, and DMARC CAA records in the DNS zone
- Disabled DNSSEC
- Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no security impact
- Descriptive error messages and patch disclosure with no security impact
- Rate limiting or brute force issues
- Software version disclosure
- Outdated software
- Reporting known-vulnerable components without proof of exploitation
- General low-severity issues reported by automated scanners
...
The highest reward may be obtained for the findings like RCE, Authentication bypass, Vertical Privilege Escalation, and SQLi.
Bug Bounty reward can be paid to PayPal account only.
Reporting
All vulnerability reports should be submitted to security@wildixbugbounty@wildix.com and and contain the description and steps to reproduce or PoC. Reports submitted through other channels (such as email or social media) will not be eligible for rewards.
...