Last Revised: 2020-05-25 13:08:37
At Hostinger International Ltd, we promote responsible disclosure of all security vulnerabilities on our website or in any of our services. To encourage this responsible disclosure, we agree that if, in Hostinger’s sole discretion, we settle that any disclosure meets complete guidelines of Bug Rewards Program of Hostinger International Ltd, we will not raise any criminal or private legal action counter to the disclosing party.
Hostinger International Ltd. offers monetary bounties for the responsible disclosure of certain qualifying security vulnerabilities. Our Bug Rewards Program works as follows
All subdomains under hostinger.com are in-scope except the ones used in 3rd party services, e.g.:
Hostinger International Ltd. will accept a report of any vulnerability that substantially affects the confidentiality or integrity of any eligible Hostinger International Ltd. service. Eligible vulnerabilities include, but are not limited to:
If a domain is not contained inside hostinger.com, it will not be included in the scope of third party programs, plug-ins and the Bug Rewards Program.
All researchers participating in the Bug Rewards Program may please note that certain actions do not come within the scope of this program. The non-qualifying actions under the Bug Rewards Program are:
All bounties are awarded at the discretion of the Hostinger International Ltd. Bug Rewards Team, based on the severity of the reported vulnerability. Where an award is made, the minimum amount of the bounty will be Fifty Dollars ($50.00). Only one (1) bounty will be awarded per security bug. The awards will be made to the first researcher to responsibly disclose a particular bug.
Investigating and Reporting:
The security researcher submitting a vulnerability must thoroughly vet and confirm the vulnerability prior to submission. All submissions must include the following:
To report a vulnerability, please send an email to email@example.com
Making a detailed and step by step report for bug reproducing is recommended. Please include all details such as links clicked, User Ids and links of web pages visited.
Adding more details such as images and videos helps make it clear. Do add any image captions or brief descriptions wherever possible to make the information more useful.
Vulnerability verification becomes easier and quicker by using consistently reliable exploit code.
All information and data accessed or collected under the Bug Rewards Program about Hostinger’s employees or Hostinger International Ltd, has to be kept absolutely confidential and to be used only for actions directly connected to the Program. Any confidential information needs Hostinger’s written consent before it’s disclosure. Vulnerabilities can be disclosed only after all suitable remediation has been completed. If any confidential information is disclosed without Hostinger’s prior written consent, it will lead to an immediate elimination from the Program.
If and when Hostinger uses any third-party service provider to manage its Bug Rewards Program, the provider’s terms and conditions will be applicable. Hostinger has the final discretion to pay or not pay the reward. Since this is a discretionary rewards program, it is liable for cancellation at any given time.