Ucartz appreciates and values the researchers who bring security to Ucartz platform. As a security researcher, we want to hear from you if you have found a vulnerability in Ucartz website. Suppose your vulnerability report affects a product or service within the scope of our bounty programs below. In that case, we would reward reporters for the responsible disclosure of in-scope issues. Even if it is not covered under an existing bounty program, we will publicly acknowledge your contributions to fix the vulnerability.
We ask that you make every effort to maintain the integrity of our users’ data during your research, avoiding violating privacy or degrading our service. It would be best to give us a reasonable time to fix any vulnerability you find before making it public. In return, we promise to investigate reports promptly and not take any legal action against you.
Please include detailed steps to reproduce and a brief description of the impact. You have to agree to test the countermeasure's effectiveness applied to your report. You should agree to keep any communication private.
We encourage responsible disclosure, and we promise to investigate all legitimate reports promptly and fix any issues as soon as we can. We do read all reports within 48 hours, but as all reports are reviewed and personally investigated by our senior staff, it may take up to 15 business days before you hear back from us.
The submissions under the following are eligible for rewards:
Note that third-party applications or websites are not owned or controlled by Ucartz and are not within the program's scope.
We do not accepts bugs related to Billing/WHMCS & cPanel. Instead we accept bugs related to Code Injection & File uploaded vulnerabilities on our main Domain ucartz.com. The reporter must submit a POC & Steps to reproduce the bug through our ticket system.
If you discover a bug, we appreciate your cooperation in responsibly investigating and reporting it to us to address it as soon as possible. Click here to submit a security vulnerability.
We don't offer any reward amounts for any bugs reported. Instead, a valid report will be verified and considered for the Hall Of Fame.
Our thanks to the following security researchers for their submissions:
Ucartz appreciates and values the researchers who bring security to Ucartz platform. As a security researcher, we want to hear from you if you have found a vulnerability in Ucartz website. Suppose your vulnerability report affects a product or service within the scope of our bounty programs below. In that case, we would reward reporters for the responsible disclosure of in-scope issues. Even if it is not covered under an existing bounty program, we will publicly acknowledge your contributions to fix the vulnerability.
We ask that you make every effort to maintain the integrity of our users’ data during your research, avoiding violating privacy or degrading our service. It would be best to give us a reasonable time to fix any vulnerability you find before making it public. In return, we promise to investigate reports promptly and not take any legal action against you.
Please include detailed steps to reproduce and a brief description of the impact. You have to agree to test the countermeasure's effectiveness applied to your report. You should agree to keep any communication private.
We encourage responsible disclosure, and we promise to investigate all legitimate reports promptly and fix any issues as soon as we can. We do read all reports within 48 hours, but as all reports are reviewed and personally investigated by our senior staff, it may take up to 15 business days before you hear back from us.
The following are the valid vulnerability types:
Note that third-party applications or websites are not owned or controlled by Ucartz and are not within the program's scope.
If you discover a bug, we appreciate your cooperation in responsibly investigating and reporting it to us to address it as soon as possible. Click here to submit a security vulnerability.
With Ucartz Bug Bounty Program, each bounty that offers security bugs will be rewarded in the following ways:
We’ll be pleased to credit you in our HoF for your reports until patches are applied.
Our thanks to the following security researchers for their submissions: