BigCommerce

  • $50 – $2,500 per vulnerability

New Targets added

We hope your testing is going well. Here is an update that should make things a bit more interesting!

There have been some recent changes/updates to (TARGET) on the BigCommerce program. We highly recommend you take a look at this additional attack surface – which hopefully means more vulnerabilities! Here is what’s new: (list all updated scope below):

Name URL Description Change Severity
Bigcommerce.com *.bigcommerce.com Bugs reported on these domains will now be accepted on a case-by-case basis Added High
Bigcommerce.net *.bigcommerce.net Bugs reported on these domains will now be accepted on a case-by-case basis Added Medium
mybigcommerce.com *.your-store.mybigcommerce.com Bugs reported on these domains will now be accepted on a case-by-case basis Added Medium/Low

iOS Application: https://apps.apple.com/au/app/bigcommerce/id1418570678
Android Application: https://play.google.com/store/apps/details?id=com.bigcommerce.mobile

We handle exceptions in the above Scope on a case-by-case basis.

As always, please see the program brief for the full details around testing. If you have any questions, please reach out to support@bugcrowd.com.

Looking forward to hear from you all.

Remember to Out hack `em all.