Paytm Bug Bounty

Paytm is committed to security. We reward reporters for the responsible
disclosure of in-scope issues and exploitation techniques.

If you discover a bug, we appreciate your cooperation in responsibly investigating
and reporting it to us so that we can address it as soon as possible.


The Paytm Bug Bounty Program offers bounties for software security bugs that meet the following criteria.

In situations where a bug does not warrant a bounty, we may issue a digital certificate. Our certification process is multi-leveled:

Our Hall of Fame page recognizes the contributions of reporters who have demonstrated a high level of dedication to our program.
Acceptance requires multiple valid reports and remains at the discretion of our team.


Vulnerability Categories

| #  | Vulnerability Type            | Comment                          |
|----|-------------------------------|----------------------------------|
| 1  | Cross-Site Request Forgery    | With significant security impact |
| 2  | Cross-Site Scripting          | Self-XSS is out of scope         |
| 3  | Open Redirects                | With significant security impact |
| 4  | Cross Origin Resource Sharing | With significant security impact |
| 5  | SQL injections                |                                  |
| 6  | Server Side Request Forgery   |                                  |
| 7  | Privilege Escalation          |                                  |
| 8  | Local File Inclusion          |                                  |
| 9  | Remote File Inclusion         |                                  |
| 10 | Leakage of Sensitive Data     |                                  |
| 11 | Authentication Bypass         |                                  |
| 12 | Directory Traversal           |                                  |
| 13 | Payment Manipulation          |                                  |
| 14 | Remote Code Execution         |                                  |

We will pay significantly (4 times) more for vulnerabilities which would ultimately result in data leakages, authentication bypasses, code execution or payment manipulations.