- Tencent weiyun expandrive full#
- Tencent weiyun expandrive registration#
- Tencent weiyun expandrive free#
No SPF/DMARC in non-email domains/subdomains.Unverified Results of automated tools or scanners.Login/logout/unauthenticated/low-impact CSRF.
CSRF/XSS with long or unpredictable parameter.SMS/Email flooding for some of our business.The following issues are considered out of scope (either ineligible or false positives): When reporting vulnerabilities, please consider (1) attack scenario / exploitability, and (2) security impact of the bug. Once you have a QQ or WeChat account, you can start testing.
Tencent weiyun expandrive registration#
To register a Wechat account, please download an WeChat app from App store or through Android system, then follow the registration guide. To register a QQ account, please go to and follow the instructions.Ģ. You can use a QQ or Wechat account to log into all Tencent’s assets.ġ. If an IP belongs to Tencent Cloud external customer, it is not considered in scope. Only vulnerabilities affecting the platform itself and IP owned by Tencent will be accepted. *Notes about Tencent Cloud ( as included in *.) Please note that the vulnerabilities reported for the following assets will not be eligible for bounties.
Tencent weiyun expandrive full#
* Full list at (仅限:腾讯专区)(Just: Tencent Area)
Vast Users’ Sensitive Information Leakage. Exposed Administrative Panels that without strong protection. Access Control Issues (Insecure Direct Object Reference issues, etc.). The main categories of vulnerabilities that we are concerned about are: The decision to grant a monetary rewarded and the final amount for a vulnerability will be within the discretion of the Tencent Security Team.Īny report that results in a change being made will at a minimum receive the Hall of Fame recognition. Tencent may choose to pay extra higher rewards, up to a maximum of $28,000 bounty for special promotion we run, unusually clever, severe, or highly influential vulnerabilities, as well as lower rewards for vulnerabilities that require significant or unusual user interaction. We can’t be legally prohibited from rewarding you.Īll reports will be reviewed based on the impact and severity of the reported vulnerability. Tencent weiyun expandrive free#
Feel free to contact us if you have any questions. Please take note that any form of vulnerability disclosure prior to consent from Tencent may result in disqualification from the bug Bounty program. The disclosure should be under the authorization of TSRC. In order to protect user privacy, it is strictly forbidden to publicly disclose the vulnerability prior to the report being closed and the vulnerability being fixed. When testing, you must use your own test accounts in order to respect our users’ privacy, especially those which may compromise the privacy of others. Accessing private information of other users, performing actions that may negatively affect Tencent users (e.g., spam, denial of service), or sending reports from automated tools without verifying them will immediately disqualify the report, and may result in additional steps being taken. The vulnerability must demonstrate security impact to a site or application in scope (see Scope below). 
Multiple vulnerabilities caused by one underlying issue will be awarded one bounty. Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward. Please provide detailed reports with reproducible steps. You must be the first reporter of the vulnerability. However, only reports that meet the following requirements are eligible to receive a monetary reward: Any design or implementation issue that is reproducible and substantially affects the security of Tencent users is likely to be in scope for the program.
0 kommentar(er)
