N45HT Vulnerability Disclosure Program
No technology is perfect, and N45HT believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
Response Targets
N45HT will make the best effort to meet the following response targets.
Type of response | Business day |
First response | 3 business days |
Triage | 7 business days |
Resolution | 30 business days |
Report Security Vulnerability
- Please provide details of the issue, including the proof of concept, the vulnerable URL, and detailed reproduction steps.
- Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
- Social engineering is prohibited.
- Do not perform DoS or DDoS attacks.
- Please use English or Indonesian when submitting a Security Vulnerability.
Exceptions and Rules
Any activity that would disrupt, damage, or adversely affect any third-party data or account is not allowed.
Assets in scope
Domains/apps not listed below are not in scope.
Type | Identifier |
Domain | n45ht.or.id |
Domain | ctf.n45ht.or.id |
Domain | api.n45ht.or.id |
Domain | xssr.n45ht.or.id |
Domain | auth.n45ht.or.id |
Assets out of scope
Type | Identifier |
Chrome Extensions | XSSRush.crx |
In Scope Vulnerability
- SQL Injection
- Access Control Issues
- Cross-site Scripting (XSS)
- Remote Code Execution (RCE)
- XML External Entity Attacks (XXE)
- Server-side Request Forgery (SSRF)
- Cross-site Request Forgery (CSRF)
- Unchecked URL-redirection
- Privilege Escalation
- Directory Traversal
- Sensitive Information Disclosure
Out of Scope Vulnerability
The following actions do not qualify for the Vulnerability Disclosure Program and should not be tested by researchers.
- Self-XSS
- Text Injection
- HTML Injection (In some cases, we are still considering this vulnerability.)
- Phishing Attacks
- Bruteforce Attacks or User Enumeration
- Denial of Service Attacks
- Login/logout/low-impact CSRF
- CSRF on forms that are available to anonymous users
- Social Engineering
- DNS Attack through Social Engineering
- Clickjacking/UI redressing
Rewards
At this time we are not awarding bounties for reported vulnerabilities.
Submit Vulnerability Report
Thank you for helping keep N45HT and our users safe!