Responsible Disclosure

Security is our priority, and we make every effort to keep our website secure. If you are a security researcher and have discovered a security vulnerability in our website, we appreciate your efforts in disclosing it to us in a responsible way.

Guidelines for Responsible Disclosure

If you have found a security issue, we request that you contact us immediately via [email protected] or fill in the form below.

  • Please include all details in your reports, with steps to reproduce.
  • Perform research only within the scope.
  • Do not destroy any data during your security testing.

What we promise

If you follow all guidelines when reporting to us:

  • We will not take any legal action against your research.
  • We will work with you to understand the issue and resolve it as quickly as possible.
  • We will maintain a good relationship with you and recognize your effort on our Security Researcher HoF page.

Scope

The scope of issues is limited to security vulnerabilities in the cyberxploits domain.

  • https://cyberxploits.com

Qualifying Vulnerabilities

Web application vulnerabilities related to the OWASP Top 10. You must be the first reporter to responsibly disclose the vulnerability, and you must follow the responsible disclosure principles set out in this policy, which include giving us a reasonable amount of time to address the vulnerability.

What is not a qualifying vulnerability?

Each submission will depend on impact, but here is a list of some of the issues which are non-qualifying vulnerabilities:

  • UI and UX bugs and spelling mistakes;
  • TLS/SSL related issues;
  • Vulnerabilities due to out of date browsers or plugins;
  • Content-Security Policies (CSP);
  • Vulnerabilities in end of life products;
  • Lack of secure flag on cookies;
  • Vulnerabilities relying on the existence of plugins such as Flash;
  • Flaws affecting the users of out-of-date browsers and plugins;
  • Missing security headers such as, but not limited to, “content-type-options”, “X-XSS-Protection”;
  • Vulnerabilities requiring physical access to mobile devices;
  • Use of a known-vulnerable library without proof of exploitability;
  • Tap-jacking and UI-redressing attacks that involve tricking the user into tapping a UI element.

Reporting an Issue

You can report the issue via [email protected].

Hall of Fame

The CyberXploits Security Team thanks all researchers who help with discovering security vulnerabilities. Thanks once again.

 2019