Detailed Rules for ExFinex Reward Activities
ExFinex has set up three levels of vulnerability rating and reward, namely [serious], [high-risk] and [low-risk], in order to attract the help and support of users and security personnel.
[Serious vulnerability] above 5 ETH
[High-risk vulnerabilities] 3-5 ETH
[Low-risk vulnerabilities] 1-3 ETH
ExFinex classifies vulnerabilities into three levels according to the degree of vulnerability damage, namely, [serious], [high-risk], [low-risk]. ExFinex will provide you with a generous reward after verifying the vulnerabilities, and will do its best to repair the vulnerabilities at full speed. Specific criteria are as follows:
Serious vulnerabilities are those that occur in the management and control systems of core business systems (core control systems, domain control, business distribution systems, bastion hosts, etc.). These systems manage a large number of other systems, so a vulnerability there can cause wide-ranging impact, give control of a large number of business systems (assessed according to the actual situation), or give core system administrator rights and control of the core system.
Control of multiple machines on the intranet
Obtaining core back-end super administrator privileges and large-scale leakage of core enterprise data, which can cause tremendous impact
System privilege acquisition (getshell, command execution, etc.)
SQL injection (downgraded for back-end vulnerabilities, upgraded as appropriate for packaged submissions)
Arbitrary File Reading
XXE vulnerability that allows access to arbitrary information
Unauthorized operations involving money, payment logic bypass (must ultimately be exploited successfully)
Serious logic design and process defects. This includes but is not limited to arbitrary user login vulnerabilities, vulnerabilities allowing batch modification of arbitrary account passwords, and logic vulnerabilities involving the core business of the enterprise, with the exception of verification code brute forcing.
Other vulnerabilities that affect users on a large scale. This includes but is not limited to stored XSS that can propagate automatically on important pages, stored XSS that can obtain administrator authentication information and be successfully exploited, etc.
Vulnerabilities that require interaction to affect users. This includes but is not limited to stored XSS on general pages, CSRF against core business, etc.
Unauthorized operations. This includes, but is not limited to, modification of user data and execution of user operations by circumventing restrictions.
Vulnerabilities in sensitive system operations, such as arbitrary account login and arbitrary password retrieval, that are successfully brute-forced because the verification code logic can be brute-forced.
Leakage of locally stored sensitive authentication key information, which must be effectively exploitable.
Local denial-of-service vulnerabilities. This includes but is not limited to client-side local denial of service (crashes when parsing file formats or network protocols) and problems caused by exposed Android component permissions or ordinary application permissions.
General information leaks. This includes but is not limited to web path traversal, system path traversal, directory browsing, etc.
Reflected XSS (including DOM XSS/Flash XSS)
URL redirection vulnerability
SMS/email bombing
Other vulnerabilities that are less harmful and whose harm cannot be demonstrated (e.g. a CORS vulnerability where sensitive information is not available).
Send details of the vulnerabilities you found and demonstration attachments (pictures/videos/text descriptions) to the staff at the bottom of the page, and attach your ExFinex account UID.
Or send an e-mail to email@example.com.
When vulnerabilities and levels are verified, the reward will be paid to your ExFinex account within 1 to 3 working days.
In order to provide a safer, faster and more convenient trading platform for blockchain asset holders and ExFinex users, we ask that you not publish a vulnerability until you have received feedback and it has been repaired. Thank you very much for your support!