Webinterface query paused for performance reasons - click to continue working

ZAP-Hosting.com Logo Rent a server ··· ···
Support
support@zap-hosting.com Blog
$
/en
  • de Deutsch
  • en English
  • Frontpage
  • Gameserver
  • TeamSpeak 3
  • Ts3-/Discord MusicBot
  • vServer
  • Rootserver
  • Dedicated server
  • Webspace
  • Domain
  • Partner
  • Blog
ZAP-Hosting.com Logo
  • Gameserver
  • TeamSpeak
  • vRootServer
  • Dedicated server
  • FiveM
  • Webspace & TLDs
  • Lifetime
Server instant online

... configure, pay, enjoy!

ZAP-Hosting Bug Bounty Program

Nobody is perfect. In order to secure our services and customers, we reward reports of security vulnerabilities.

The program

Important: This program is not meant for non-security related bugs in the web interface or within one of our products. Please create a regular ticket and we will help you as soon as possible.
If the rules of the program are followed, we will not take any legal action. You should receive a first answer after a maximum of 72 hours.

Eligibility

  • You must be the first person to report the vulnerability.
  • Keep report information confidential (if you want to disclose it to the public, please get back to us).
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Don’t access any sensitive data unless needed to confirm the vulnerability (e.g. run id instead of dumping /etc/passwd). If you accessed critical data, please explain us the scenario when reporting.
  • Report the vulnerability as soon as possible after finding it.
  • Do not use automated tools (e.g. sqlmap).
  • Provide a clear PoC (demonstrating the impact) and steps to reproduce the issue.
  • Create a maximum of two accounts (should be enough to test every possible scenario).

Report & Bounty

Please report the found vulnerability by creating a ticket and selecting “Security vulnerability” as the reference. This enables us to assign your message and process it as quickly as possible. Please send us only one vulnerability per report. Note: Please do not send vulnerabilities via other channels such as the mail listed below.

In reward for helping us hardening our security and securing our customers data, we will decide on a bounty reward for your work.

Scope

  • zap-hosting.com
  • rest.zap-hosting.com
  • A server within the ZAP-Hosting network, that does not belong to a customer

Exclusions

  • Denial of service
  • Spamming
  • Social engineering (including phishing) of ZAP-Hosting staff and data centers
  • Any physical attempts against ZAP-Hosting properties and data centers
  • Missing cookie flags on non-sensitive cookies
  • CSRF (without a clear PoC demonstrating the security impact)
  • Information disclosure of non-sensitive data
  • Descriptive error messages (e.g. stack traces or server errors)
  • Open redirects without a PoC showing a critical impact
  • Reports on outdated versions without a PoC
  • Captcha Bypass
  • Self-XSS without a PoC that demonstrates a possible impact on other users
  • Missing HTTP security headers
  • Issues just reproducible in extremely outdated web browsers
  • Recently disclosed 0-days in WordPress for example

If you think you found a vulnerability, which is listed above or not specifically in scope, but has a reasonable security impact, please feel free to report it nonetheless. We will gladly take a look at it.

In case of any questions: security@zap-hosting.com (please do not report vulnerabilities to this address)

Bug Bounty

Of course we are grateful for your work and reward you with one of the following things.

Money
ZAP Coins

Report vulnerability

You discovered a vulnerability? We are looking forward hearing from you and resolving the issue together!

Report now
Create ticket via mail
average response time:
8 Minute(s)
Confirm login
VPS/Root-/Dedicated servers
  • VPS hosting
  • - Linux VPS
  • - Windows VPS
  • - FreeBSD VPS
  • Rootserver hosting
  • - Linux Rootserver
  • - Windows Rootserver
  • - FreeBSD Rootserver
  • Dedicated server hosting
Gameserver
  • Game-server hosting
  • - FiveM servers
  • - Minecraft servers
  • - DayZ servers
  • - Palworld servers
  • - BeamMP servers
  • - Enshrouded servers
  • - Counter-Strike 2 servers
  • - Valheim servers
  • Buy a lifetime game-server
& more
  • Buy a lifetime server
  • Server hosting
  • TS3 server hosting
  • TS3/Discord musicbot hosting
  • Discord Bot hosting
  • Domain hosting
  • Webspace hosting
  • Buy Execute CDs
  • Our partners
  • Affiliate program
ZAP-Hosting
  • Hoster comparison
  • Changelog
Contact us ..!
  • info [at] zap-hosting.com
Follow us ..!
Legal
  • Terms
  • Imprint
  • Privacy Policy
  • Security
  • JOBS
All gamecontent and trademarks are the property of their respective owners - all rights reserved
Copyright 2010 - 2025 ZAP-Hosting.com. Alle Rechte vorbehalten.
ZAP-Hosting GmbH - Hafenweg 8 - 48155 Münster
Alle Preise inkl. gesetzl. MwSt. des jeweiligen EU-Landes
USt.-ID: DE 320366231
SOON...

... our Board will be available and you'll be able to exchange with other customers or members of our ZAP Community.

We are still working on optimizing everything to make the experience perfect.
The new board will get a brand new Design and a much more clear view. Be excited!


Login or register

Log in to your ZAP account or register now. The registration is free, there are no duty of payment. All products are also available as prepaid products. That means, if you do not continue paying your server, it will be closed automatically without any costs.

Logged in successfully!
Your login is being checked..

Confirmation required

Login or register

Register at ZAP and become part of the ZAP community.
Experience a beautiful control panel to manage your servers. 🚀

Logged in successfully!
Your login is being checked..
Login or register

Forgot your password? No Problem! Just enter your username or e-mail address here. We will send you a link to reset your password.

Logged in successfully!
Your login is being checked..
Change password