SEC / OPS — Responsible Disclosure

TeleLive Bug Bounty

Found a bug? Nice work — open a ticket. Critical security issue? Call us and say code 4.

telelivee.ir + API
Responsible disclosure
Code 4 = security

Submit report (ticket)

Technical bugs, UI, account, or content — use the form below.

Clear reports with PoC and repro steps get reviewed faster. Thanks for helping secure TeleLive.

Scope

telelivee.ir

Main website, dashboard, live streaming, chat, payments, and accounts.

API & realtime services

Official /api/* endpoints and TeleLive services on this domain.

WebSocket / Socket.IO

Live chat and realtime via telesocket.liara.run (Socket.IO).

Out of scope

DoS, phishing, social engineering, automated scans without PoC, third-party, unofficial subdomains.

Severity guide

Critical

RCE, mass sensitive data exposure, SQL/command injection with high impact.

High

Account takeover, sensitive IDOR, high-impact SSRF, stored XSS with privilege escalation.

Medium

State-changing CSRF, reflected XSS, limited information disclosure.

Low

Minor misconfigurations without direct exploit, GET open redirects.

Rules & limits

  • 01. Do not download, modify, or delete user data.
  • 02. No DoS/DDoS, brute force, or spam.
  • 03. Do not publicly disclose before we fix the issue.
  • 04. One vulnerability per report; duplicates are merged.
  • 05. Test only on your own assets or with the channel owner’s consent.
  • 06. Automated scanner output without attack scenario and PoC is out of scope.