Report a vulnerability
Have you found a vulnerability in a product or service from Honeybank Studios? You can use this site to report vulnerabilities directly to us, even anonymously if you wish. Please read below the criteria for eligible submissions.
Disclosure policy
- Do not execute or attempt to execute any "Denial of Service" attack.
- Do not post, transmit, upload, link to, send or store any malicious software.
- Do not test what would result in sending unsolicited or unauthorised junk mail, spam or other forms of unsolicited messages.
- Do not test in a manner that would corrupt our operations.
- Do not test third-party applications, websites or services that integrate with our systems.
- Remove all data and sensitive information you got from the analysis once the report is submitted.
What's in-scope
- Injection vulnerabilities
- Broken Authentication and Session Management
- Cross Site Scripting (XSS)
- Remote Code Execution
- Insecure Direct Object Reference
- Sensitive Data Exposure
- Security Misconfiguration
- Missing Function Level Access Control
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards
- Directory/Path transversal
- Exposed credentials
Bug bounty
US$300
For valid reports submitted, we will reward the submitter US$300 via either PayPal or a Bank Transfer. Honeybank Studios does reserve to revoke the reward if you are abusing the reporting system or we've already received reports of the same vulnerability.
Submit a report
If your vulnerability meets our criteria, you may submit a report here.
© Honeybank Studios LTD. All rights reserved.
Submitted
We will review your report immediately and get back to you if required.