Zolostays Bug Bounty Program | Zolo

Zolo engineers work hard to make our products safe for our customers. We invite reports from independent security researchers about possible security vulnerabilities in our products.

The bug bounty program is paused from Dec 1, 2021 to Feb 28, 2022. Please check this page for any future updates.

Guidelines for submitting vulnerabilities

Don’t attempt to gain access to another user’s account or data.
Don’t perform any attack that could harm the reliability/integrity of our services or data.
DDoS/spam attacks are not allowed.
Don’t publicly disclose a bug before it has been fixed.
Never attempt non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.
Please submit bugs with a POC to the email address tech-security@zolostays.com

Hall of Fame

Mohith Kalyan
Sudhanshu Chauhan
Tinu Tomy
Vishal Yadav
Mansouri Badis
Saikat Banerjee
Shahrukh Iqbal Mirza
Devender Rao
Akhil Jain
Erik
Sai Ram Ganji
Chakka Sai Teja
Anurag Verma

Eligibility for the reward

The security bug must be original and previously unreported.
You must not be an employee or contractor of Zolo, or otherwise have a business relationship with Zolo.
We should be able to reproduce the bug.
It is entirely at our discretion to decide whether a bug is significant enough to be eligible for a reward.

The following vulnerabilities are eligible for a reward

Cross-Site Request Forgery (CSRF)
Cross-Site Scripting (XSS)
Code Executions
SQL injections
Server Side Request Forgery (SSRF)
Privilege Escalations
Authentication Bypasses
File inclusions (Local & Remote)
Protection Mechanism bypasses (CSRF bypass, etc.)
Leakage of sensitive data
Directory Traversal
Payment manipulation
Administration portals without an authentication mechanism
Open redirects which allow stealing tokens/secrets

The following vulnerabilities are not eligible for a reward

Clickjacking
Application stack traces (Path disclosures, etc.)
Self-type Cross Site Scripting / Self-XSS
Vulnerabilities that require Man in the Middle (MiTM) attacks
Denial of Service attacks
CSRF issues on actions with minimal impact
Cache Poisoning
Missing SPF records
Brute force attacks
