Vulnerability Disclosure Program

Please submit a detailed report of your research while following our guidelines below.

Reporting:

If you believe you have found any security (technical) vulnerability in our products or services, you are welcome to submit a vulnerability report to “security@innoplexus.com“.

In case of reporting any security vulnerability/Issues, please ensure that you have included following information (Qualified Reporting):

1) The main URL where the vulnerability is located.

2) A detailed description with necessary screenshots.

3) Versions of web components related to the vulnerability (browser, OS, APP version, etc.).

4) Steps to reproduce the vulnerability and your advice to fix it.

5) Tools used while performing the test

6) Any other useful information that you think we must know.

Policy:

PLEASE STICK TO THE DOMAINS AND SUB-DOMAINS THAT ARE LISTED IN THE SCOPE.

We will review and respond as quickly as possible to your submission, and keep you informed as we work to fix the vulnerability/issue you submitted(Valid bugs). Based on the research report that you submit to us, We will include your name in our Hall of fame(HOF).

We may contact you for further information if necessary.

Scope:

The main categories of vulnerabilities that we are sincerely looking for are:

1) Cross-site Scripting (XSS)

2) Cross-site Request Forgery (CSRF)

3) Server-Side Request Forgery (SSRF)

4) SQL Injection

5) Remote Code Execution (RCE)

6) XML External Entity Attacks (XXE)

7) Access Control Issues (Insecure Direct Object Reference issues, etc.)

8) Exposed Administrative Panels without strong protection

9) Directory Traversal Issues

10) Local File Disclosure (LFD)

11) User Sensitive Information Leakage

12) Any other issue that you think is important

Ineligible Reports

1) Vulnerabilities affecting users of outdated browsers or platforms: IE < 9, Chrome < 40, Firefox < 35, Safari < 7, Opera < 13

2) “Self” XSS

3) Missing cookie flags

4) Mixed content warnings

5) SSL/TLS best practices

6) Clickjacking/UI redressing

7) Reflected file download attacks (RFD)

8) Physical or social engineering attacks

9) Unverified Results of automated tools or scanners

10) Login/logout/unauthenticated/low-impact CSRF

11) Issues related to networking protocols or industry standards

12) Missing security-related HTTP headers which do not directly lead to a vulnerability

Domains

*.innoplexus.com/

*.innoplexus.com/de/

*.iPlexus.ai/

*.kPlexus.net/

“Hall of Fame” is a leaderboard for all hackers who found a security vulnerability for the domains listed, and have submitted their report at security@innoplexus.com. Before submitting the report they have to acknowledge and agree to the terms and condition of the program.

Kostenlose Beratung buchen