N45HT Vulnerability Disclosure Program

  


No technology is perfect, and N45HT believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

Response Targets

N45HT will make the best effort to meet the following response targets.
Type of response | Business days
First response | 3 business days
Triage | 7 business days
Resolution | 30 business days

Report Security Vulnerability

  • Please provide details of the issue, including a Proof of Concept, the vulnerable URL, and detailed reproduction steps.
  • Submit one vulnerability per report, unless you need to chain vulnerabilities to demonstrate impact.
  • Social engineering is prohibited.
  • Do not perform DoS or DDoS attacks.
  • Please use English or Indonesian when submitting a Security Vulnerability.

Exceptions and Rules

Any activity that would disrupt, damage, or adversely affect any third-party data or account is not allowed.

Assets in scope

Domains and apps not listed below are not in scope.
Type | Identifier
Domain | n45ht.or.id
Domain | ctf.n45ht.or.id
Domain | api.n45ht.or.id
Domain | xssr.n45ht.or.id
Domain | auth.n45ht.or.id

Assets out of scope

Type | Identifier
Chrome Extensions | XSSRush.crx

In Scope Vulnerability

  • SQL Injection
  • Access Control Issues
  • Cross-site Scripting (XSS)
  • Remote Code Execution (RCE)
  • XML External Entity Attacks (XXE)
  • Server-side Request Forgery (SSRF)
  • Cross-site Request Forgery (CSRF)
  • Unchecked URL-redirection
  • Privilege Escalation
  • Directory Traversal
  • Sensitive Information Disclosure

Out of Scope Vulnerability

The following actions do not qualify for the Vulnerability Disclosure Program and should not be tested by researchers.
  • Self-XSS
  • Text Injection
  • HTML Injection (In some cases, we are still considering this vulnerability.)
  • Phishing Attacks
  • Brute-force Attacks or User Enumeration
  • Denial of Service Attacks
  • Login/logout/low-impact CSRF
  • CSRF on forms that are available to anonymous users
  • Social Engineering
  • DNS Attack through Social Engineering
  • Clickjacking/UI redressing

Rewards

At this time we are not awarding bounties for reported vulnerabilities.

Submit Vulnerability Report
Thank you for helping keep N45HT and our users safe!
