Bug Bounty Program

Scope

  • Domain: site.pro (main domain only; no subdomains, such as "tw.site.pro" or any other)
  • Registration in bounty program required
  • Report the vulnerability by creating a ticket (choose any available category)

Vulnerabilities

  • Unauthorized access to project servers (vulnerabilities that lead to remote code execution, RCE);
  • XSS vulnerabilities on the assets with critical functionality (with proven script execution);
  • Server-side vulnerability with information disclosure (e.g. memory leaks or insecure direct object references) of critical or highly confidential data;
  • Authentication bypass or privilege escalation;
  • Injection vulnerabilities;
  • Any other vulnerability that can lead to loss of user privacy.

Issues considered out of scope:

  • Disclosure of non-sensitive information (e.g. project version) and information that does not present significant risk;
  • Reports of a missing protection mechanism or best current practice (e.g. no CSRF token, framing/clickjacking protection, tabnabbing) without demonstration of real security impact for the user or system;
  • Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions;
  • CSRF on self-hosted servers, unless proven to be present on a public server;
  • Self-XSS;
  • Remaining EXIF data in images that are uploaded to the service;
  • Attacks requiring MITM or physical access to a user's device;
  • Content spoofing and text injection issues without showing an attack vector;
  • Missing best practices in SSL/TLS configuration or in Content Security Policy;
  • Missing HttpOnly or Secure flags on cookies;
  • Missing DNSSEC on the domain;
  • Missing best practices (e.g. security headers, invalid, incomplete or missing SPF/DKIM/DMARC records, etc.);
  • Missing rate-limit methods without demonstration of real security impact for the user or system;
  • Insecure password complexity requirements;
  • Vulnerabilities related to 3rd-party software unless they lead to vulnerability in our scope;
  • Vulnerabilities involving stolen credentials;
  • Phishing and social engineering;
  • Issues that require unlikely victim interaction not causing any harm to that victim;
  • Providing publicly leaked sensitive user data without demonstration of a specific vulnerability that causes the leak of that data and is currently reproducible on the website;
  • Related problems (with the same root) that were reported and confirmed previously;
  • Publicly disclosed issues;
  • Vulnerabilities assuming lost (stolen) access to one of the OAuth methods or email that can be used on Site.pro for authentication;
  • Vulnerabilities that involve the Cookie Editor plugin in the browser.

Program Rules

  • If you think you have found a security vulnerability, please provide us with a detailed report with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.
  • Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
  • When duplicates occur, we only award the first report that was received.
  • Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
  • Social engineering (phishing, etc.) is prohibited.
  • Vulnerability must be original and previously unreported.
  • Do not perform any attack that could harm the reliability or integrity of our services or data.
  • Avoid scanning techniques that are likely to cause degradation of service to our customers (e.g. DDoS, spamming).
  • Refrain from stealing or disclosing users' private information.

Disclosure Policy

  • Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
  • Provide us with a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

Amount of Reward

In determining the amount of payout, we will take into account the level of risk and impact of the vulnerability:

  • Critical: 400–500 EUR. Direct access to a server or database. Full access to administrative resources.
  • High: 200–300 EUR. Possibility to modify any data of other users.
  • Medium: 100–200 EUR. Performing actions on other users' behalf with no victim interaction. Viewing critical user data such as payments or contact details.
  • Low: 10–100 EUR. Any other unlikely action from the user's perspective causing harm to that user and/or bringing benefit to the attacker.

You will receive the funds in your account within 10 working days after providing an invoice.
An invoice must contain the following "Bill to" information:

Site.pro Ltd
Company code: HE482121
VAT code: 60239863S
Promachon Eleftherias 1, Floor 1, Office 18/19
Agios Athanasios, CY-4103, Limassol, Cyprus
© Site.pro 2011. Website Builder. United States.