We take security issues seriously. If you are the first to report a verifiable security issue, we'll thank you with a place at our hall of fame page.

We only are looking for bugs on website https://www.digitalsellz.com __

IMPORTANT:

1. PLEASE NOTE THAT AUTOMATED TESTING IS NOT PERMITTED! SYSTEM WILL BAN YOU PERMANENTLY IF YOU DO.

2. PLEASE DO NOT UPLOAD LARGE FILES WHEN DOING TESTING

Scope:

1. Cross-Site Scripting (XSS)
2. Cross-Site Request Forgery (CSRF/XSRF)
3. Broken Authentication
4. Remote Code Execution
5. Privilege Escalation
6. Sql Injection

We are mainly interested in HIGH IMPACT bugs.

This builds upon our disclosure guidelines/philosophy here: <https://hackerone.com/guidelines>

Exclusions

1. Brute-force attacks on login, DOS Attacks or information leaks via error messages in login
2. Clickjacking attacks
3. Version disclosure issues, unless there are known vulnerabilities for that version
4. Denial of service vulnerabilities
5. Spam or social engineering techniques
6. Bugs in third-party libraries or services used by digitalsellz.com
7. SSL Services are out of scope
8. Session Cookie configurations
9. Logout related bugs.

Please Note:
When reporting a bug please provide a working example (PoC) and steps to reproduce.