11/01/2020

DRIVE.NET, Inc.

Scope

For now only the drive2 web application (www.drive2.ru) is in scope. The valid attack surface is anything on that domain, and any subdomains.
However, if you find any vulnerabilities in our other products you're welcome to report them as well.

We are most interested in the following vulnerabilities:

  • Remote Code Execution (RCE)
  • Privilege Escalation
  • Account Takeover
  • Cross-site Scripting (XSS)

Please do not report:

  • Missing Content-Security-Policy and Feature-Policy headers
  • DKIM and DMARC issues (we're working on it)
  • Username, email and phone number enumeration
  • Paths exposed in our robots.txt file

Reporting Policy

When submitting the report, make sure to include:

  • A short summary
  • Steps to reproduce
  • Security impact (if not clear from the summary/description)

Disclosure Policy

We will abide by HackerOne's disclosure guidelines.
Disclosure is possible only after the issue you reported is fixed and confirmed to be safe to disclose by our developers.

Exclusions

While researching, we'd like to ask you to refrain from:

  • Denial of service
  • Utilising automated scanners that may have an impact on our systems
  • Spamming
  • Social engineering (including phishing)
  • Anything requiring physical access

Thank you for helping keep DRIVE.NET, Inc. and our users safe!

Naturally, we also accept reports in Russian.
Thank you for helping us become more secure.

In Scope

Scope Type        Scope Name
web_application   www.drive2.ru
web_application   *.drive2.ru
web_application   *.d-cd.net
web_application   api.drive2.ru

Out of Scope

Scope Type        Scope Name
web_application   ypcdbw.drive2.ru


This program was found on HackerOne on 2020-01-11.

FireBounty © 2015-2020
