Last updated: Dec 03, 2021

Security Disclosure

PinoyJobsOnline takes security seriously in our business and is committed to fixing all reported vulnerabilities in a timely manner. We would appreciate having access to any and all evidence of vulnerabilities disclosed so that PinoyJobsOnline may analyze them as well.

PinoyJobsOnline is willing to reward security researchers for vulnerability disclosures that help to improve security.

For a security researcher to claim a reward:

  • You pledge not to leak, modify, or delete any of your data or anyone else's data, and not to defraud other PinoyJobsOnline users in the process of vulnerability discovery on PinoyJobsOnline.
  • You provide a reasonable time-frame for PinoyJobsOnline to fix these errors.
  • You submit a reproducible vulnerability report.

PinoyJobsOnline gives safe-harbour to security researchers who abide by the guidelines.

 

Rewardable Discoveries

  • Exploitable authorization and authentication errors
  • JWT or CSRF session issues with an exploitable PoC
  • Data leaks
  • SSRF, RCE, SQL, XML, XXE injection
  • XSS, both stored and reflected

 

Non-Rewardable Discoveries

  • Disclosure of which software we use (it's already in Acknowledgements)
  • Error messages, stack traces
  • Spamming or DoS attacks
  • Lack of Secure or HttpOnly flags on cookies not considered sensitive
  • Missing SPF records
  • Misconfiguration or lack of certain HTTP headers
  • Exploits that are not exploitable in modern browsers



Where do I report security issues?

Security issues can be reported via email to customer-care@pinoyjobsonline.ph.

Sensitive reports can be encrypted with the following PGP key:


Hall of Fame

Sanath Vyas (XSS Error)

John Fiel Brosas