Security Policy

Services in Scope

This policy takes effect on 01.01.2019.

All services and subdomains under these domains are in scope:

  • *.tagnull.de
  • *.schminkding.de

Prohibited procedures

Please do not attempt to carry out DoS attacks, leverage black hat SEO techniques, send spam mail, or do other similarly questionable things. I also discourage the use of any vulnerability testing tools that automatically generate significant volumes of traffic or try to brute-force logins.

Qualifying vulnerabilities

  • Cross-site scripting
  • Cross-site request forgery
  • Mixed-content scripts
  • Authentication or authorization flaws
  • Information leaks like:
    • Passwords
    • Files that “look like they better shouldn’t be public”
  • Server-side code execution bugs

Reporting

Please contact me via email with a written report of your findings. Please include all the steps that led to the exploitation of the vulnerability and also your contact details in order to be rewarded.

Rewards

As this is a privately hosted site, I won’t be able to provide you with high-value bug bounties.

However, you will be listed (if you want) on the acknowledgements page.
RCE vulnerabilities will be rewarded with up to 100€.

x41
IT-Security consultant by day. InfoSec enthusiast and Dungeon-Master at night.