Responsible Disclosures

We periodically conduct security testing on random sites related to government agencies, defense agencies, and the private and public sectors, and help them secure their sites and services. We also accept responsible disclosures from across the globe. We offer a platform for ethical hackers to report their findings to the appropriate organizations and help them fix the issues. On our end, we keep all research in a controlled environment and always keep reporter and organization information confidential, even after the vulnerability is fixed.

At CCFIS we follow some of the basics of responsible disclosure:
  • Our research team gets a reasonable amount of time to address different security vulnerabilities before publishing our findings, if required.
  • We work as a team and make good-faith efforts to avoid privacy violations, data destruction, and degradation or interruption of services during our testing and as a result of it.
  • Our only purpose is security research, and we never attempt to harm or disrupt another user’s services.

It is a myth that hackers can’t discover vulnerabilities on their own. Everyone in today’s world wants to gain access to others’ information and use it to their benefit, and at the same time wants to hide and secure their own information from the outside world. They are adopting new technologies in order to gain that access. At the same time, what matters is whether the hacker uses the vulnerabilities to benefit themselves or to benefit the company by informing it of all its loopholes and vulnerabilities. As white hat hackers, we try to find all the flaws and security holes, which helps your organization come up with the latest patches to address all the newly identified vulnerabilities.

We know that white hat hackers are always welcome, so our research is carried out in a manner that follows all the rules and policies our team is required to follow.

CCFIS Responsible Disclosures

| Name of the Company | Vulnerability type | Date of Submission | Date of Fix | Response/Reward |
|---|---|---|---|---|
| | Information Disclosure | Feb 2nd 2014 | Feb 3rd 2014 | Hall of Fame in Nokia Sec Page |
| | File Upload XSS | May 16th 2014 | Not Fixed yet | Letter of Appreciation |
| | Reflected XSS | May 24th 2014 | Issue Fixed | Hall of Thanks and T-shirt |
| | SQL Injection | May 27th 2014 | May 28th 2014 | Letter of Appreciation |
| | Information Disclosure | May 30th 2014 | May 30th 2014 | Letter of Appreciation |
| | File Upload XSS | June 2nd 2014 | June 5th 2014 | Hall of Fame In sec page |
| | Information Disclosure | June 3rd 2014 | June 3rd 2014 | Hall of Fame in Automattic Sec Page |
| | Path Disclosure | June 11th 2014 | June 11th 2014 | Hall of Fame in Pure Vpn sec page |
| | Cross Site Scripting | July 15th 2014 | July 15th 2014 | Hall Of Fame in Google Security Page |
| | Authentication Issue | July 16th 2014 | July 17th 2014 | Hall Of Fame in Transload IT Sec Page |
| | Session Invalidation | July 18th 2014 | July 19th 2014 | Letter of Appreciation |
| | Stored Cross Site Scripting | July 19th 2014 | July 21st 2014 | T shirt and Appreciation letter |
| sony hall of thanks | Enumeration and Cryptographic Issue | July 31st 2014 | 3rd September 2014 | Recognition in Hall of Fame |
| | Cross Site Scripting | August 1st 2014 | 6th September 2014 | Wall Of Fame |
| | SQL Injection | August 5th 2014 | August 8th 2014 | Hall of Fame in Mc-Prohosting Sec Page |
| | Cross Site Scripting | July 31st 2014 | January 13th 2015 | Hall of Fame |
| | Cookie Issue | July 24th 2014 | December 20nd 2014 | Hall of Fame |
| | Android App Bug | January 26 2015 | January 28 2015 | Hall of Fame |
| | Tabnapping Vulnerability | February 24th 2015 | February 26th 2015 | Hall of Fame + Swag |
| | Cross Site Scripting | January 28th 2015 | January 29th 2015 | Hall of Fame |
| | XSS and TabNap | March 21st 2015 | March 24th 2015 | Mail of Appreciation |
| | DOM XSS | March 15th 2015 | March 16th 2015 | Mail of Appreciation |
| | Cookie Issue and XSS | April 8th 2015 | April 8th 2015 | Mail of Appreciation |
| | Url Redirection | May 8th 2015 | May 8th 2015 | Hall of Fame |
| | Url Redirection | April 17th 2015 | April 28th 2015 | Reward |
| | Content Spoofing | May 8th 2015 | May 16th 2015 | Reward |
| | Stored Cross Site Scripting | May 17th 2015 | June 15th 2015 | Reward |
| | Stored Cross Site Scripting | June 19th 2015 | June 22nd 2015 | Hall of Fame |
| | Stored Cross Site Scripting | June 22nd 2015 | June 22nd 2015 | Hall of Fame |
| | Email Spoofing | June 29th 2015 | July 8th 2015 | Hall of Fame |
| | Tabnapping Vulnerability | July 13th 2015 | July 18th 2015 | Swag |
| | Stored Cross Site Scripting | July 17th 2015 | July 21st 2015 | Hall of Fame |
| | HTML injection | July 18th 2015 | July 22nd 2015 | Hall of Fame |
| | Stored Cross Site Scripting | July 22nd 2015 | August 10th 2015 | Hall of Fame/gifts |
| | HTML injection and XSS | July 22nd 2015 | July 23rd 2015 | PDF Acknowledgement/SWAG |
| | Subdomains not whitelisted | July 13th 2015 | July 18th 2015 | Swag |
| | Url Redirection | August 2nd 2015 | August 4th 2015 | Mail of Appreciation |
| | Stored Cross Site Scripting | August 1st 2015 | | Reward |
| | HTML injection | August 1st 2015 | August 11th 2015 | Reward |
| | Reflected XSS | August 7th 2015 | August 11th 2015 | Hall of Fame |