Cart Icon

Bug Bounty Program

ZNetLive Bug Bounty Program

Help us to make ZNetLive most secure!

ZNetLive invites you (Independent security groups, individual researchers, ethical hacking professionals, etc.) to study ZNetLive from all the aspects, on all the platforms and help us to make it most secure for our customers. Please alert us about any potential vulnerabilities or security flaws that you find. You would be suitably rewarded for your efforts.

We expect all the researchers to follow the following guidelines:

  • Report your finding by writing to us directly at bugbounty@znetlive.com without making any information public. We will confirm receipt within 72 working hours after submission.

  • Keep the information about any vulnerability or security flaw you've discovered confidential between you and ZNetLive until we have resolved the problem.

  • Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing.

  • Please note that Host header injections are out of scope and are not covered in this program.

  • Please share the proper sequence of steps with POC video to replicate the issue.

  • Perform research only within the scope of these guidelines.

  • If you follow these guidelines when reporting an issue to us, ZNetLive commits to:

  1. Suitably reward you for your efforts. The bounty will be disclosed when you report the bug.
  2. Recognize & acknowledge your contribution towards our Security with a certificate from ZNetLive.
  3. Work with you to understand and resolve the issue quickly.
  4. Not pursue or support any legal action related to your research.
  • Following bugs or issues will not be considered under the bug bounty program:

  1. MITM XSS
  2. Missing SPF records
  3. No-rate limit / Brute-force vulnerabilities
  4. Cookie without secure flag set
  5. Any self-exploiting vulnerabilities
  6. Tabnabbing
  7. SPF / DMARC records
  8. DoS and DDoS testing on the website

Website URL: www.znetlive.com

  • Remote code execution

  • Cross Site Forgery Protection

  • Cross Site Scripting*

  • Cross-Site Script Inclusion

  • Flaws in Authentication/Authorizations

  • Denial of Service

Things we do not want to receive:

  • Personally identifiable information (PII)

  • Credit card holder data

*For XSS related issues, we will only provide an appreciation certificate.

If you believe that you have found a security vulnerability or a potential flaw in any of our products/services or platforms, please report it to us by emailing at bugbounty@znetlive.com.

Please include the following details in your report:

  • Description of the location and potential impact of the vulnerability

  • A detailed description of the steps required to reproduce the vulnerability – POC scripts, screenshots, and compressed screen captures will all be helpful to us.

  • Your name/handle and a link for recognition.

ZNetLive requests that you adhere to our simple Disclosure Policy:

Kindly include the following details in your report:

  • Please avoid privacy violations, and do not destroy data or hinder our regular services.

  • The vulnerability or the bug must be original and previously un-reported. Thus, only the first reporter will be get benefit of the program.

  • Employees of ZNetLive, their close relatives (parents, siblings, children or spouse), ZNetLive business partners, agencies, alliances and their employees are not eligible for ZNetLive Bug Bounty Program.

  • We reserve the right to change the rules or cancel this program at any time.

  • Consideration for the bugs with serious security implications will be on case-to-case basis.

  • An official letter from ZNetLive will be issued to the bug reporter certifying the contribution towards our security. The letter will be generic and without mention of the vulnerability.

Cookie Settings