Report Security Issues

Reporting Security Issues:

If you have discovered a security vulnerability on Shirt Wint, please message us immediately.

We will review all legitimate vulnerability reports and work to promptly resolve the issue.

Before reporting, please review the provided document, including the fundamentals, bounty program, reward guidelines, and what should not be reported.

Fundamentals:

  • If you adhere to the following principles when reporting a security issue, we will not take legal action against you:
    1. Allow us a reasonable amount of time to review and fix the reported vulnerability before disclosing or sharing the information publicly.
    2. Do not interact with private accounts without the account owner’s consent, and make efforts to avoid privacy violations and disruptions to others.
    3. Do not exploit the security issue for any purpose, including attempting to compromise sensitive data or finding additional issues.
    4. Do not violate any applicable laws or regulations.

Bounty Program:

  • We recognize and reward security researchers who report vulnerabilities in our services.
  • Monetary bounties for such reports are at our discretion, based on risk, impact, and other factors.
  • To potentially qualify for a bounty, you need to meet the following requirements:
    1. Adhere to our fundamentals.
    2. Identify a vulnerability that poses a security or privacy risk in our services or infrastructure.
    3. Submit your report via our security center.
    4. If you inadvertently cause a privacy violation or disruption while investigating, disclose this in your report.
    5. We investigate and respond to all valid reports, but response times may vary.
    6. We reserve the right to publish reports.

Rewards:

  • Our rewards are based on the impact of the vulnerability.
  • Please provide detailed reports with reproducible steps for eligibility.
  • When duplicates occur, we award the first report that can be fully reproduced.
  • Multiple vulnerabilities caused by one underlying issue will receive one bounty.
  • The bounty reward is determined by various factors, such as impact, exploitability, and report quality.
  • The specific bounty amounts are listed as follows (maximum amounts per level):

Critical Severity Vulnerabilities ($200):

  • Examples: Remote Code Execution, Remote Shell/Command Execution, Authentication bypass, SQL Injection, full account access.

High Severity Vulnerabilities ($100):

  • Examples: Lateral authentication bypass, Disclosure of important corporate information, Stored XSS, Local file inclusion, insecure authentication cookie handling.

Medium Severity Vulnerabilities ($50):

  • Examples: Logic flaws, business process defects, insecure object references.

Low Severity Vulnerabilities:

  • Examples: Open redirect, Reflective XSS, Low sensitivity information leaks.

Please note that reward amounts are subject to our discretion and may be adjusted over time based on feedback and program improvements.

Customer Support 24/7 

Phone :+16148048824

Mail: **@*******nt.com

Business address : 1512 Riverlight Lane Mount Pleasant, SC 29466 USA