Vulnerability Laboratory

Company Name: Vulnerability-Lab

Program Type: Responsible Disclosure Program

Official Website: https://www.vulnerability-lab.com

Social Network: https://twitter.com/vuln_lab

Contact: Email Address

PGP KEY: Public PGP Key

Guidelines of the Security Program

This disclosure program is limited to security vulnerabilities in web applications owned by Vulnerability Labs. All vulnerabilities and bugs affecting Vulnerability Lab products (web application, database management system & web engine) or service solutions should be reported via email to the Vulnerability Laboratory Core Research Team.

Eligible Security Bugs & Vulnerabilities (In Scope)

We encourage the coordinated disclosure of the following eligible web application vulnerabilities and bugs:

- Cross Site Scripting
- Server-Side Code Execution
- Authentication or Authorization Flaws
- Directory Traversal
- SQL Injection Vulnerabilities
- Information Disclosure
- Significant Security Misconfiguration

To receive credit, you must be the first reporter of a vulnerability and give us a reasonable amount of time to remediate it before disclosing it publicly. When submitting a vulnerability, please provide concise steps to reproduce that are easily understood.

Security Program Exclusions (Out of Scope)

While we encourage any submission affecting the security of a Vulnerability Laboratory web property, unless evidence is provided demonstrating exploitability, the following examples are excluded from this program:

- Cross Site Request Forgery
- Self XSS
- Layer Transmission Issues
- Content spoofing or Text Injection
- Missing HTTP security headers
- Missing cookie flags on non-sensitive cookies
- Password and recovery policies, such as reset link expiration or password complexity
- Invalid or missing SPF (Sender Policy Framework) records (Incomplete or missing SPF/DKIM)
- Vulnerabilities only affecting users of outdated or unpatched browsers and platforms
- SSL/TLS best practices
- Clickjacking/UI Redressing
- Software version or Banner Flag disclosure
- Username / Email / Account enumeration
- Bruteforce attacks

Validation Process of Security Vulnerabilities & Bugs

All submissions will be reviewed, verified and validated by an employee of the Vulnerability Laboratory Core Research Team. Clear and concise steps to reproduce an issue or vulnerability are required.

Rules of Security Program

Please use your own account for testing or research purposes. Do not attempt to gain access to another user’s account or confidential information. Please do not test for spam, social engineering or denial of service issues. Your testing must not violate any law, or disrupt or compromise any data that is not your own. Please contact us directly to report security incidents such as customer data leakage or breach of infrastructure.

Communication Encryption with PGP

Please use the public PGP key of the bug bounty program manufacturer to encrypt communication when exchanging zero-day vulnerabilities or bugs. Using the PGP key is not a requirement for participating in the official bug bounty program. We recommend using PGP encryption (Windows, Mac or Linux) for the exchange of unknown vulnerabilities.

Copyrights, Permission & Trademarks

All pictures, texts, advisories, source code, resources, videos and other information on the Vulnerability Lab website are trademarks of the Evolution Security GmbH company and the specific authors, manufacturer or manager team. To record, publicly list (feed/auto), modify, publicly demo, copy or edit our material, contact the administrators or managers of the program to obtain permission.

