


For now only the drive2 web application ( ) is in scope. The valid attack surface is anything on that domain, and any subdomains.
However, if you find any vulnerabilities in our other products you're welcome to report them as well.

We are most interested in the following vulnerabilities:

  • Remote Code Execution (RCE)
  • Privilege Escalation
  • Account Takeover
  • Cross-site Scripting (XSS)

Please do not report:

  • Missing Content-Security-Policy and Feature-Policy headers
  • DKIM and DMARC issues (we're working on it)
  • Username, email and phone number enumeration
  • Paths exposed in our robots.txt file
  • Disabled "X-XSS-Protection" header
  • Concerns about 3rd party JavaScript and mixed content
  • Lack of X-Frame-Options header, unless the page can really be clickjacked

Out of scope

Both search functions are provided by a 3rd party

Reporting Policy

When submitting the report, make sure to include:

  • A short summary
  • Steps to reproduce
  • Security impact (if not clear from the summary/description)

Disclosure Policy

We will abide by HackerOne's disclosure guidelines.
Disclosure is possible only after the issue you reported is fixed and confirmed to be safe to disclose by our developers.


While researching, we'd like to ask you to refrain from:

  • Denial of service
  • Utilising automated scanners that may have an impact on our systems
  • Spamming
  • Social engineering (including phishing)
  • Anything requiring physical access

Thank you for helping keep DRIVE.NET, Inc. and our users safe!

Naturally, we also accept reports in Russian.
Thank you for helping us become more secure.


This program was found on HackerOne on 2020-01-11.
