Company
Zaakpay
Program URL
https://zaakpay.com/bug-bounty
Contact
mailto:vdp@zaakpay.com
Rewards
Program type
bounty
Status
active
Description
If you believe that you have found a security vulnerability or bug on any website or application owned by Zaakpay, we encourage you to let us know straight away. Our team will investigate all legitimate reports and do our best to quickly fix the problem.
Domains
Structured scope
Out of scope
Issues related to software/application not under Zaakpay’s control or owned by some third party
Forms missing CSRF tokens (we require evidence of actual CSRF vulnerability)
Missing security headers which do not lead directly to a vulnerability
Clickjacking without an impact
Text Injection
Known-vulnerable library (without evidence of exploitability)
Spam & rate limiting
SSL/TLS protocol vulnerabilities
Best practice concerns will be reviewed, but in general, we require evidence of a vulnerability
Vulnerabilities only affecting users of outdated or unpatched browsers and platforms
Brute forcing of promo/coupon codes
Social engineering attacks
Email/Phone number enumeration (user enumeration)
Any activity that could lead to the disruption of our service (DoS)
Open Redirection
Missing Security Headers
Minimum payout
1000
Maximum payout
No response
Currency
INR
Payout - critical
No response
Payout - high
No response
Payout - medium
No response
Payout - low
No response
Testing policy URL
No response
Excluded methods
Requires account
None
Safe harbor
None
Allows disclosure
None
Disclosure timeline days
No response
Response SLA days
1
Legal terms URL
No response
Hall of fame URL
No response
Swag details
No response
Reporting URL
No response
PGP key URL
No response
Preferred languages
English
Standards
Confirmation