


Author Topic: Cloudways Bug Bounty  (Read 14275 times)

Angelina

  • Moderator
  • Experienced Member
Cloudways Bug Bounty
« on: June 14, 2023, 06:45:54 pm »
Submit bug report: https://bugcrowd.com/cloudways

Program Rules:
You are NOT ALLOWED to take any vulnerability (fixed or otherwise) public at any time. In all cases, you should report the discovered vulnerabilities through the appropriate channels.
The reports MUST include clear steps (Proof of Concept) to reproduce and re-validate the vulnerability. You can attach videos or images in standard formats.
Testing should ONLY be done on and through the account(s) that you own.

Prohibited Actions/Activities during testing:
Launching servers greater than 4GB.
Creating Cloudways Support tickets.
Using Cloudways servers for any illegal activities including but not limited to hosting malicious and phishing websites, abusing server bandwidth to carry out DDoS attacks, brute force attacks, spamming, and running cryptocurrency mining scripts.
Hosting personal or commercial websites on the Cloudways servers launched through the provided account.
Social engineering attacks of any kind.
If you find any sensitive information (e.g., passwords or API keys), do not attempt to validate it; simply report it directly to Cloudways.
Destruction, modification and corruption of data are strictly prohibited.
Researchers should not launch more than 3 servers in an account.
If we find a researcher account violating these rules, then these servers will be removed without notice.

Out-of-Scope Areas:
There is a known issue with cache poisoning currently being remediated.
Rate limiting issues are out of scope.
Open redirection is out of scope for the following targets: developers.cloudways.com, www.cloudways.com, support.cloudways.com.
Servers that are launched through the Cloudways Platform, as well as any applications running on those servers, are out of scope. Only the server and application management features that directly affect the Platform, and not the servers or applications, are in scope.
Embedded database manager in Cloudways Platform.
Third-party Services: Any target that redirects to a third-party URL/service by changing the URL in the browser's address bar is out of scope. This also includes Cloudways URLs that are not part of the target section.
Customer support channels including but not limited to chats, support tickets, emails, etc.