Responsible Disclosure
Notice:
We have decided to temporarily suspend the bug bounty program to catch up on the backlog of reports and prioritize other improvements on our roadmap. We will update this message when the bounty program is open to new submissions again.
Introduction:
At the Hyperstack Corporation, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.
If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.
Valid Vulnerability Categories
Automated tools or scripts ARE STRICTLY PROHIBITED, and any POC submitted to us must include a proper step-by-step guide to reproduce the issue. Abuse of any vulnerability found shall be liable for legal penalties.
1. Cross-Site Request Forgery (only with significant security impact)
2. Cross-Site Scripting (Self-XSS is out of scope)
3. Open Redirects (only with significant security impact)
4. Cross-Origin Resource Sharing (only with significant security impact)
5. SQL Injection
6. Server-Side Request Forgery
7. Privilege Escalation
8. Local File Inclusion
9. Remote File Inclusion
10. Leakage of Sensitive Data
11. Authentication Bypass
12. Directory Traversal
13. Payment Manipulation
14. Remote Code Execution
In-Scope Domain: studio.thehyperstack.com
Public Disclosure Policy:
By default, this program is in "PUBLIC NONDISCLOSURE" mode, which means: "THIS PROGRAM DOES NOT ALLOW PUBLIC DISCLOSURE. ONE SHOULD NOT RELEASE INFORMATION ABOUT VULNERABILITIES FOUND IN THIS PROGRAM TO THE PUBLIC; FAILING TO COMPLY SHALL BE LIABLE FOR LEGAL PENALTIES!"
Conclusion
We strive to resolve all problems as quickly as possible, and we would like to play an active role in the ultimate publication on the problem after it is resolved.
Hyperstack reserves the right to discontinue the reward program at any time without prior notice. We may modify the terms of this program or terminate this program at any time. We won't apply any changes we make to these program terms retroactively. Hyperstack employees and their family members are not eligible for bounties.
Bug Bounty Hall of Fame
On behalf of Hyperstack and the thousands of people who visit our sites and use Hyperstack and our other products, we would like to thank the researchers listed below for their hard work in helping to make us more secure.
Congratulations to everybody who has participated!
1st Quarter 2021