2020-07-21

Gener8

No technology is perfect, and Gener8 believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

Disclosure Policy

  • Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.

  • Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.

  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

Guidelines

While researching, please be considerate of our customers, employees and systems:

  • When using brute force or automated testing tools, you MUST NOT exceed 1 request per second.

  • If you are using automated testing tools, you MUST NOT use multiple IP addresses or run them concurrently in a manner that would exceed the 1 RPS limit.

  • If you register accounts for testing purposes please observe the following:

      • MUST register using your wearehackerone.com email address OR include 'HackerOne' in your registration name.

      • MUST delete the account no more than 7 days after creating it.

      • MUST NOT create more than 10 accounts in a 7-day period.

      • MUST NOT create accounts with email addresses that you do not control and may otherwise be legitimate, e.g. john.doe@gmail.com, test@hotmail.com.

  • MUST NOT purchase items from our marketplace in the following categories: Gift cards, Merchandise or Products.

⛔️ Exclusions

While researching, we'd like to ask you to refrain from:

  • Any activity that could lead to the disruption of our service (DoS)

  • Spamming

  • Social engineering (including phishing) of Gener8 staff or contractors

  • Any physical attempts against Gener8 property or data centers

Out of scope

When reporting vulnerabilities, please consider the attack scenario / exploitability and the security impact of the bug. The following types of issue are considered out of scope:

  • Theoretical attacks without proof of exploitability

  • Session expiration bugs. We are aware that sessions do not expire immediately after exit and consider the risks mitigated by other safeguards we have in place.

  • Any vulnerability outside our control, such as hosting providers or other third-party vendors, unless we have not configured it securely using the settings made available to us by the vendor.

  • A report of a vulnerability resulting from a violation of the program guidelines

  • Invalid, incomplete or missing SPF/DKIM/DMARC records on domains other than gener8ads.com

  • Missing HttpOnly or Secure flags on cookies

  • Attacks requiring MITM or physical access to a user's device.

  • Content spoofing and text injection issues without showing an attack vector or without being able to modify HTML/CSS

  • Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions.

⛵️ Safe Harbor

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

Thank you for helping keep Gener8 and our users safe!

In Scope

Scope Type         Scope Name
web_application    *.gener8ads.com

Out of Scope

Scope Type         Scope Name
web_application    user.gener8ads.com
web_application    api.gener8ads.com/auth
web_application    help.gener8ads.com
web_application    gener8ads.com/iframes


This policy, crawled by Onyphe on 2020-07-21, is sorted as bounty.
