Shortezshortez.net
Back to Home

Vulnerability Disclosure Program

Shortez VDP - Report security vulnerabilities responsibly and help us keep our platform secure.

Want to be recognized?

Check out our Hall of Fame to see security researchers who've helped us.

View Hall of Fame
How to Report a Vulnerability
1

Describe the Vulnerability

Clearly describe the security issue you found. Include the potential risk/impact.

2

Steps to Reproduce

Provide detailed steps to reproduce the vulnerability so our team can verify it.

3

Send to Our Security Team

Email your report to: vdp@shortez.net

Response Time

We Will Reply Within 24 Hours

Our security team will acknowledge your report within 24 hours and provide updates on the progress.

Severity Ratings
P1Critical
Immediate action required
P2High
High priority fix
P3Medium
Scheduled fix
P4Low
Low priority fix
P5Informational
Informational only
DupDuplicate
Already reported (we will provide valid proof)
Important - Not a Bug Bounty Program

This is a VDP, NOT a Bug Bounty Program

Shortez operates a Vulnerability Disclosure Program (VDP), not a Bug Bounty Program. This means:

  • We appreciate and value every valid security report
  • All kinds of vulnerabilities are allowed to report if they have valid impact
  • Payment for reports is at our sole discretion
  • We do NOT guarantee payment for every report
  • All valid reporters will be recognized in our Hall of Fame
Submit Your Report

Email: vdp@shortez.net

Please include in your report:

  • Your name (or pseudonym) for Hall of Fame
  • Your social media links (optional)
  • Detailed description of the vulnerability
  • Risk/impact assessment
  • Steps to reproduce
  • Any proof-of-concept (if applicable)
In Scope

We welcome reports of any security vulnerability that has valid impact on the following domains:

shortez.net (*.shortez.net)
shortez.top (*.shortez.top)
pornhub.gold (*.pornhub.gold)
github.help (*.github.help)
azure.net.im (*.azure.net.im)
viponly.me (*.viponly.me)
movielink.click (*.movielink.click)
tmplink.xyz (*.tmplink.xyz)

All types of security vulnerabilities with valid impact are welcome, including but not limited to: authentication issues, authorization flaws, XSS, SQL injection, CSRF, IDOR, data exposure, and more.

Out of Scope

The following issues are out of scope and will not be considered:

  • Self XSS
  • Clickjacking
  • HTML Content Injection / Content Spoofing
  • Reflected File Download (RFD)
  • Man in The Middle Attack
  • Missing HTTP Security Headers
  • Software Version Disclosure
  • Path Disclosure
  • Image Metadata / EXIF Data
  • Missing Cookie Flags
  • Best Practice Violations
  • DDoS / Rate Limiting
  • Social Engineering / Phishing
  • Issues requiring physical access
  • Denial of Service vulnerabilities
  • TLS/SSL Configuration Issues
  • Banner Grabbing
  • Open Port Enumeration
  • DNS Configuration Issues
  • Spam or Bulk Activity

By submitting a report, you agree to follow responsible disclosure guidelines.