
OnePageCRM
Super easy online sales CRM for small business
Points per vulnerability
OnePageCRM converts leads to customers fast. It does so with a beautiful user experience on one simple dashboard.
Targets
Out of Scope Targets
dev.onepagecrm.com
blog.onepagecrm.com
forum.developer.onepagecrm.com
www.onepagecrm.com
staging.onepagecrm.com
Please sign up to OnePageCRM with an address in the format name+bugcrowd@example.com
Out of Scope Bugs
• Banner/version disclosure
• DDoS attacks
• CRIME/BEAST attacks
• Social Engineering
• Brute force password cracking
• Issues that cannot be reproduced
• Username enumeration
• Previously reported bugs
• Bugs specific to unsupported browsers/plugins
• Bugs that rely on impractical user action
• Logout cross-site request forgery
• URL redirection
• Cross-Site Scripting (XSS)
Focus Areas:
• Cross-Site Request Forgery (CSRF/XSRF)
• Broken Authentication
• Remote Code Execution
• Privilege Escalation
Rules
This program follows Bugcrowd’s standard disclosure terms.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.
This bounty requires explicit permission to disclose the results of a submission.