Security
Vulnerability Disclosure
null community encourages security researchers to responsibly disclose security vulnerabilities affecting any of null community portal or infrastructure
- Please send your vulnerability reports to security [at] null [dot] co [dot] in or fill the form available at https://forms.gle/zT2yDMBWE7UuVhLU7 for faster response(Recommended)
- Researchers reporting valid vulnerabilities will be credited in the Hall of Fame
- null is a non-profit open security community. We DO NOT offer any monetary reward for reporting security vulnerabilities
General guidelines for reporting vulnerability
- Must have a demonstrable security impact for null community
- Provide technical details with screenshots where applicable
- Provide your name/nick/handle which you want to be quoted for credit in Hall of Fame page
Hall of Fame Exceptions (Not eligible for Hall of fame listing)
Mixed content warning
There is an active issue in swachalit issue log https://github.com/null-open-security-community/swachalit/issues/99
Please feel free to add list of url's in it if you spot any and we will work on it as we can to fix it holistically.Logout CSRF
We do not consider this as a bug in line with Google https://bughunters.google.com/learn/invalid-reports/web-platform/csrf-clickjacking/5072689380982784/csrf-in-the-logout-handler
If you are seriously interested in helping us fix this bug feel free to send a pull request : https://github.com/null-open-security-community/swachalit
Last edited: 2022-08-28 05:55:51 +0530