101013 policies in database
Link to program      
2023-04-04
Pine Labs Bug Bounty Program logo
Thank
Gift
HOF
Reward

Reward

Pine Labs Bug Bounty Program

Pine Labs

Pine Labs is an Indian merchant platform company that provides financing and last-mile retail transaction technology, founded in 1998. It is one of the unicorn companies, with a valuation of over US$5 billion. It provides a merchant platform and makes software for point of sale machines.

Program Rules

At Pine Labs we recognize the important role that security researchers play in helping to keep Pine Labs and our customers secure.

By participating in this program you acknowledge that you have read and agreed to the Program Rules, which is defined as this entire document.

Testing Policy and Responsible Disclosure

Please adhere to the following rules while performing research on this program:

  • Denial of service (DoS) attacks on Pine Labs applications, servers, networks or infrastructure are strictly forbidden.
  • Avoid tests that could cause degradation or interruption of our services.
  • Do not use automated scanners or tools that generate large amount of network traffic.
  • Only perform tests against your own accounts to protect our users' privacy.
  • Do not leak, manipulate, or destroy any user data or files in any of our applications/servers.
  • Do not copy any files from our applications/servers and disclose them.
  • No vulnerability disclosure, full, partial or otherwise, is allowed.

Reward Eligibility and Amount

We are happy to thank everyone who submits valid reports which help us improve the security of Pine Labs, however only those that meet the following eligibility requirements may receive a monetary reward:

  • You must be the first reporter of a vulnerability.
  • The vulnerability must be a qualifying vulnerability (see below).
  • The report must contain the following elements:
    • Clear textual description of the vulnerability, how it can be exploited, the security impact it has on the application, its users and Pine Labs, and remediation advice on fixing the vulnerability
    • Proof of exploitation: screenshots and/or videos demonstrating the exploit was performed, and showing the final impact
    • Provide complete steps with the necessary information to reproduce the exploit, including (if necessary) code snippets, payloads, commands etc
  • You must not break any of the testing policy rules listed above
  • You must not be a former or current employee of Pine Labs or one of its contractors.

Reward amounts are based on:

  • Reward grid of the report's scope
  • CVSS scoring and actual business impact of the vulnerability upon performing risk analysis

In Scope

Scope Type Scope Name
android_application

https://play.google.com/store/apps/details?id=com.pinelabs.emicatalogue.pinelabs&hl=uz

api

https://api.pluralonline.com

api

https://api.pluralpay.in

api

https://pinepg.in/

api

https://pluralcheckout.pinepg.in

web_application

dashboard.pluralonline.com

web_application

analytics.pinelabs.com

web_application

trm.pinepaymentsolutions.com

web_application

https://www.letspaylater.ph/

web_application

https://www.pinelabs.ae/

web_application

https://billingserver.pinelabs.com/

web_application

https://lounge.pinelabs.com/loungeui/login

web_application

https://pinepgconsole.in:9099

web_application

https://myplutus.pinelabs.my/

web_application

https://trm.pinelabs.ae

web_application

https://credit.pinelabs.com

web_application

https://plmcixt.pinelabs.com/

web_application

https://emistores.pinelabs.com/

web_application

https://www.pinelabs.com/

web_application

https://www.pinelabs.my/

web_application

https://www.pinelabs.us/

web_application

https://board.pinelabs.com/

web_application

https://nbs.pinelabs.com/

Out of Scope

Scope Type Scope Name
undefined

All other Pine Labs assets that are not listed above are to be treated as out of scope


This program crawled on the 2023-04-04 is sorted as bounty.

FireBounty © 2015-2025

Legal notices | Privacy policy