Welcome to SailsPay Payment Aggregator

Bug Bounty Program

If you believe that you have found a security vulnerability or bug on any Sailspay-owned website or application, we encourage you to let us know straight away. Our team will investigate all legitimate reports and do our best to quickly fix the problem.

Disclosure Policy

We will acknowledge your submission only if you are the first person to report a given vulnerability. Known issues or issues that have already been reported will not be considered valid reports. You may not publicly disclose the vulnerability prior to our resolution. Any improper public disclosure or misuse of information will entitle Sailspay to take appropriate legal action.

Response Targets

Sailspay will make a best effort to meet the following response targets for hackers participating in our program:

  • First response - 1 business day
  • Time to triage - 2 business days

We’ll try to keep you informed about our progress throughout the process.

Program Rules

Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with the explicit permission of the account holder.

Please refrain from the following:

  • Attempting DoS/DDoS attacks
  • Using automated scanning tools that generate significant traffic
  • Accessing private information (use your own accounts)
  • Performing actions that could negatively affect Sailspay users (e.g., social engineering, phishing, spam, denial of service)
  • Submitting reports from automated tools without verifying them
  • Performing brute force testing for rate limiting

In Scope

Domain: *.Sailspay.com

Out of Scope Vulnerabilities

  • Issues related to software not under Sailspay’s control
  • Forms missing CSRF tokens (requires evidence of actual CSRF vulnerability)
  • Known-vulnerable library issues without evidence of exploitability
  • SSL/TLS protocol vulnerabilities
  • Best practice concerns without evidence of vulnerability
  • Vulnerabilities affecting outdated or unpatched browsers
  • Brute forcing promo/coupon codes
  • Social engineering attacks
  • Email/Phone number enumeration

Rewards

Our minimum reward or bounty is ₹1000. There is no maximum reward. Each bug is awarded based on severity, scope, and exploit level.

Reporters of valid Critical and High severity bugs will be listed on Sailspay’s Wall of Fame.

Report Vulnerability at:

vdp@Sailspay.com