NEXTTECH

NGANLUONG.VN

Nganluong.vn is the pioneer and leading online payment gateway in Vietnam, in terms of products and services, market share coverage and payment volume.

Work with us!

PROGRAM RULES

1. Guidelines
We require that all researchers:

Do not access customer or employee personal information, pre-release Nexttech content, or Nexttech confidential information. If you accidentally access any of these, please stop testing and submit the vulnerability.
Do not degrade the Nexttech user experience, disrupting production systems, or destroy data during security testing.
Use the Email to report vulnerability information to us.
Collect only the information necessary to demonstrate the vulnerability.
Submit any necessary screenshots, screen captures, network requests, reproduction steps or similar to us. (you can use third party file sharing sites but you have to make sure they are not disclosed to anyone other than us).
When investigating a vulnerability, please only target your own account and do not attempt to access data from anyone else’s account.

2. Qualifying vulnerabilities
Any design or implementation issue that substantially affects the confidentiality or integrity of user data is likely to be in scope for the program. Common examples include:

Cross Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
SQL Injection (SQLi)
Authentication related issues
Authorization related issues
Data Exposure
Remote Code Execution
Business Logic
Mobile-specific API vulnerabilities
and more...

3. Non-qualifying vulnerabilities
Depending on their impact, some of the reported issues may not qualify. Although we review them on a case-by-case basis, here are some of the common low-risk issues that typically do not earn a monetary reward:

URL redirection
Bugs requiring exceedingly unlikely user interaction
Logout cross-site request forgery
Flaws affecting the users of out-of-date browsers and plugins.
Presence of banner or version information
Email spoofing
DDoS
and more...

4. Services in scope

iOS app
Android app
https://www.nganluong.vn
https://account.nganluong.vn
https://checkout.nganluong.vn
https://alepay.nganluong.vn
Nganluong.vn does not accept responsibility for any third party's bug or other.

Reward range

Severity	Reward range
CRITICAL	10,000,000 - 15,000,000 VND
HIGH	5,000,000 - 8,000,000 VND
MEDIUM	3,000,000 VND
LOW	Thank you!