Skip to content

Vulnerability Disclosure Program

on

Introduction

At Mediahoki, we are committed to ensuring the safety and security of our online platforms. We take user privacy and system security very seriously. As part of our ongoing efforts to improve the security of our systems and services, we invite collaboration from ethical hackers and external security researchers through our Vulnerability Disclosure Program (VDP).


Guidelines

  • Notify us promptly once you discover a genuine or potential security vulnerability.

  • Avoid causing harm: Please refrain from privacy violations, negatively impacting user experience, disrupting production systems, or manipulating or destroying data.

  • Limit your exploitation: Use exploits only as necessary to confirm the existence of a vulnerability. Do not use exploits to exfiltrate data, gain unauthorized access, or pivot to other systems.

  • Do not share vulnerability information: You are prohibited from discussing the vulnerability with third parties or disclosing it before we’ve had the opportunity to resolve the issue.

  • Quality over quantity: Ensure that your vulnerability reports are clear, detailed, well-researched, and reproducible.

  • Sensitive data handling: If you encounter sensitive data, such as personally identifiable information, financial data, or proprietary data, immediately cease testing, notify us, and do not share this data with anyone else.


Scope

Our Vulnerability Disclosure Program covers all publicly accessible IT systems owned by Mediahoki.

Websites:

  • *.mediahoki.com

Vulnerabilities

The following types of vulnerabilities qualify for submission under our security program:

  • XSS (Cross-Site Scripting)
  • CSRF (Cross-Site Request Forgery)
  • SSRF (Server-Side Request Forgery)
  • SSTI (Server-Side Template Injection)
  • SQL Injection
  • XXE (XML External Entity)
  • RCE (Remote Code Execution)
  • LFI/RFI (Local/Remote File Inclusion)
  • Authentication/Authorization flaws

Out of Scope Vulnerabilities

Certain types of issues fall outside the scope of our program, including:

  • Security concerns with no immediate exploitability
  • Social engineering attacks
  • Physical access vulnerabilities
  • Denial of Service attacks
  • Email Spoofing
  • Lack of jailbreak detection or obfuscation
  • Reports about missing HTTP security headers (unless demonstrated with a clear PoC)
  • Insecure SSL/TLS ciphers or weak signature algorithms (unless proven exploitable)
  • Libraries with known vulnerabilities (unless proof of exploitation is provided)

Safe Harbor

As long as you comply with our guidelines, your activities will be considered authorized, and we will not take legal action against you. If a third party attempts to take legal action against you for activities done in compliance with this policy, we will support your defense by demonstrating that you were acting within our rules.

If you're uncertain about whether your research is aligned with our policy, feel free to contact us for clarification before proceeding.


What You Can Expect from Us

This is not a bug bounty program, so there is no monetary reward. However, we appreciate your efforts and will acknowledge your contributions in the following ways:

  • A timely response to your report (within 5 business days).
  • Coffee or beer at our office (location TBD) to discuss your findings.
  • A badge on your community profile for critical discoveries.

Reporting

To report a vulnerability, please email us at: vulnerability@mediahoki.com


Report Language
Please submit your reports in English or German.


Report Template

Please use the following template when submitting your vulnerability report:


# Description

Provide detailed information about the vulnerability.


# Proof of Concept

Include any relevant screenshots or code.


# Steps for Reproduction

Outline the steps to reproduce the issue in a clear, step-by-step manner.


# Supporting Materials

Attach any supporting materials, such as screenshots, logs, etc.


Thank you for helping us improve the security of Mediahoki!

    Drawer Title

    This website uses cookies to ensure you get the best experience on our website.

    Similar Products
    See Newest Apple models! Гамбургер-меню