Scopes

Websites and API Endpoints pickmycareer.in, api.pickmycareer.in, content.pickmycareer.in are all in scope.

The accepted categories include

• SQL Injection
• Authorization Flaws
• XSS Cross-Site Scripting
• Accessing Premium Features for Free
• Gaining access to the account of other user
• Sensitive Data Exposure
• Vulnerability that affects Data & Financial Transactions of Users

Out of Scope

• DoS & DDoS
• Contact Form Requests
• Automated Scan Reports
• Disclosure of known public files
• Clickjacking
• Email Bombs
• Exploits that require Vulnerable Browsers & Operating Systems