Report Bug/Profile

bebaha.com Bug Bounty

bebaha.com is launching a bug bounty program to foster collaboration amongst security professionals. With this program, we believe we can help protect our members' personal information from malicious activity due to vulnerabilities against our networks, web and mobile applications and set security policies across our organization. We treat the security and safety of our members' personal information with the utmost importance.
For the protection of our members, bebaha.com does not disclose, discuss or confirm security matters until comprehensively investigating, diagnosing and fixing any known issues.
Program Rules
Do not intentionally harm the experience or usefulness of the service to others, including degradation of services & denial of service attacks.
Do not attempt to view, modify, or damage data belonging to others
Do not disclose the reported vulnerability to anyone else until we've had reasonable time to fix it.
Bounty Eligibility
You must be 18 or older to be eligible to participate in this program/award.
You must agree and adhere to the Program Rules and Legal terms as stated in this policy.
You must be the first to report the issue in order to be eligible for bounty*.
You must be available to supply additional information, as needed by our team, to reproduce and triage the issue.
bebaha.com Partners, employees and their friends are not eligible for participation in this program.
Targets Eligible for Reward
Currently, we offer monetary rewards along with a certificate of appreciation only for the properties listed below. Subdomains not specifically listed are not included in the Targets Eligible for Reward.
If you have found a vulnerability in a bebaha.com site or app not contained within this list, you can still submit, and bebaha.com will triage the report. These types of reports will not result in a monetary reward but valid reports that are resolved are eligible for certificate of appreciation.
bebaha.com and all its community domains *
bebaha.com iOS & Android apps
Many of our sites (including community domains) share a common platform. Because of this, a vulnerability reported on one domain may exist on another domain if the issue exists in the shared platform itself. For example, an issue reported for bebaha.com may also present in the exact same way on tamilshaadi.com and the issue will be resolved on both sites with the same fix. We ask that you take the time to try to confirm this first, and include the other vulnerable locations in one report rather than submitting multiple reports. In these cases, we treat the issue as one bug and will close out others as duplicates. Rest assured, we do take the existence of a vulnerability present on multiple sites into consideration during reward time.
Please consider the following when reporting issues:
Many of our sites (including community domains) share a common platform. Because of this, a vulnerability reported on one domain may exist on another domain if the issue exists in the shared platform itself with the same root cause.
It speeds up the triage process if you include in your one report other locations where the same bug is present.
When in doubt, please file a single report and write down your thoughts. If we think you found different vulnerabilities, we'll be more than happy to let you file another bug.
Exclusions
Attacks dependent upon social engineering of bebaha.com employees or vendors
Attacks requiring physical access to a user's device
Attacks requiring physical access to device or MiTM
CSRF on forms that are available to anonymous users
CSRF on logout
Clickjacking, without additional details demonstrating a specific exploit
Contact information of the member received via any front-end feature working as desired, e.g. a type of premium membership may allow free members to access premium contact details.
Content spoofing / text injection
Cookies that lack HTTP Only or Secure settings for non-sensitive data
Denial of Service attacks
Descriptive error messages or headers (e.g. Stack Traces, application or server errors, banner grabbing)
Disclosure of known public files or directories
Enforcement policies for brute force or account lockout
Host Header Injection
Hyperlink injection in emails using forms available to any user
Issues related to active sessions after password changes.
Mail configuration issues including SPF, DKIM, DMARC settings
Missing security headers without additional details or a POC demonstrating a specific exploit
Mixed content issues
OPTIONS / TRACE HTTP method enabled
Outdated software / library versions
Password and account recovery policies
Presence of autocomplete functionality in form fields
Publicly accessible login panels
Rate-limiting issues
Reports resulting from automated scanning utilities without additional details or a POC demonstrating a specific exploit
SSL/TLS best practices
XSS, Self-XSS and issues exploitable only through XSS and Self-XSS
Use of a known-vulnerable library without a description of an exploit specific to our implementation
Username enumeration based on login or forgot password pages
bebaha.com reserves the right to add to and subtract from the Exclusions list depending on evaluated severity of reported vulnerabilities and risk acceptance.
Rewards
All bounty amounts are at the discretion of the bebaha.com Bug Bounty team, which will evaluate each submission for severity, impact, and quality of the report to determine the bounty level. There may be submissions for which we accept the risk and will not fix.
Leaks entire database in one go - High
Bounty of INR 15,000 + Certificate of Appreciation
Leaks contact details one by one through trial and error - Medium
Bounty of INR 10,000 + Certificate of appreciation
Leaks contacts of 'accepted' members without payment - Low
Bounty of INR 5,000 + Certificate of Appreciation
What to include in your report
A well-written report will allow us to triage your submission more quickly and accurately. So please include:
A clear description of the issue, including the impact you believe it has on the user, bebaha.com, or others.
Specific reproduction steps including the environment used for testing (browsers, devices, tools, configuration) and any accounts used during testing.
Your recommendations to resolve the issue.
You can email your report to help@shaadi.com with the subject "Bug Bounty" and your contact details mentioned in it.
Legal
bebaha.com reserves the right to modify the terms and conditions of this program, and your participation in the program constitutes acceptance of all terms. Please visit this website regularly, as we routinely update our program terms and eligibility, which will be effective upon posting. We reserve the right to cancel this program at any time without any notice, obligation or liability to anyone.

I am unable to contact a member through the phone number mentioned on his/her profile as the number is not operational. What should I do?

It seems the member has not updated his/her latest phone number. You may contact the member through another communication mode like email/chat and leave your contact details. Alternatively, please report such profiles to us by following the below steps:
Open the profile and click the down arrow icon at the top right.
Select "Report Profile/Photo" then "Fake/Misleading Profile".
Select "Phone number is incorrect/unreachable" and click "Submit".
Provide any additional info/screenshot and click "Continue".
We shall disable the contact number after verifying the same.

I have come across a profile which seems to be suspicious. What should I do?

We continuously strive to keep our site clean by having zero tolerance for such profiles.
Please report such profiles to us by following the below steps:
Open the profile and click the down arrow icon at the top right.
Select "Report Profile/Photo" then "Inappropriate/Unacceptable behavior".
Select the appropriate option and click "Submit".
Provide any additional info/screenshot and click "Continue".
We will investigate and take the necessary action against the profile.

Helpline: 01752-995233 or Write us Facebook: fb.com/bebahadotcom
