WRITEUP-DB

Bug Bounty Program Rules and Regulations for Writeup-DB.com

Welcome to Writeup-DB.com’s Bug Bounty Program

We at Writeup-DB.com are dedicated to ensuring the security and integrity of our platform. To achieve this, we invite security researchers and enthusiasts to participate in our Bug Bounty Program. By identifying and reporting vulnerabilities, you help us create a safer environment for our users.

How to Participate

If you believe you have discovered a security vulnerability on Writeup-DB.com, please follow the guidelines below to report it to us responsibly:

  • Step 1: Ensure your findings are within the scope of our program.
  • Step 2: Prepare a detailed report including a description of the vulnerability, steps to reproduce it, and the potential impact.
  • Step 3: Submit your report via email to info@writeup-db.com.

Program Rules and Scope

Our Bug Bounty Program is governed by a set of rules to ensure fair and responsible participation. Please review the Program Rules before submitting any reports.

Acknowledgement System

We value your contributions and offer acknowledgment on our website instead of monetary rewards. High-quality contributions may also be featured in our Hall of Fame.

Reporting Process

  • Report Submission: Send your detailed report to info@writeup-db.com.
  • Review: Our team will review your submission and may reach out for additional information.
  • Resolution: We will work to resolve the vulnerability and keep you updated on the progress.
  • Acknowledgement: Upon resolution, valid and impactful reports will be acknowledged on our website.

Thank You!

We appreciate your efforts in helping us maintain the security of Writeup-DB.com. Together, we can create a safer online environment for everyone.

Program Rules

  1. Eligibility:
    • The Bug Bounty Program is open to individuals worldwide except where prohibited by law.
    • Participants must be at least 18 years old. If you are under 18, you must have parental or guardian consent.

  1. Scope:
    • The scope of this program includes:
    • Out-of-scope vulnerabilities and assets include:
      • Third-party services
      • Any other domains or subdomains not explicitly mentioned above

  1. Submission Guidelines:
    • Reports must be submitted to info@writeup-db.com.
    • Reports should include:
      • A detailed description of the vulnerability
      • Steps to reproduce the vulnerability
      • Potential impact of the vulnerability
      • Any relevant screenshots or video evidence

  1. Disclosure Policy:
    • Do not publicly disclose any information regarding the vulnerability until it has been resolved and you have received explicit permission from Writeup-DB.com.
    • Failure to adhere to this policy will result in disqualification from the Bug Bounty Program.

  1. Acknowledgement:
    • Instead of monetary rewards, researchers who submit valid and impactful reports will be acknowledged on our website.
    • High-quality contributions may also be featured in our Hall of Fame section as a token of our appreciation.

  1. Rules of Engagement:
    • Do not attempt to access or modify data belonging to other users.
    • Do not perform any attacks that could degrade the performance of our services, such as Denial of Service (DoS) attacks.
    • Only use test accounts for testing and reporting vulnerabilities.

Allowed Vulnerabilities

We encourage researchers to look for and report the following types of vulnerabilities:

  • Remote Code Execution (RCE)
  • SQL Injection
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Authentication Bypass
  • Privilege Escalation
  • Sensitive Data Exposure
  • Server-Side Request Forgery (SSRF)
  • Insecure Direct Object References (IDOR)
  • Security Misconfigurations
  • Open Redirects

Out-of-Scope Vulnerabilities

The following types of vulnerabilities are out-of-scope for our Bug Bounty Program and will not be eligible for acknowledgment:

  • Denial of Service (DoS)
  • Spamming
  • Social Engineering
  • Physical Attacks
  • Vulnerabilities requiring physical access to devices
  • Clickjacking
  • Issues related to outdated browsers
  • Vulnerabilities in third-party software
  • Reports that involve previously known vulnerabilities without a working proof of concept

By participating in our Bug Bounty Program, you agree to comply with the rules and guidelines outlined above. We look forward to working with you and appreciate your contributions to our platform’s security.