OnePageCRM converts leads to customers fast. It does so with a beautiful user experience on one simple dashboard.

Targets

In scope

Out of Scope Targets

dev.onepagecrm.com
blog.onepagecrm.com
forum.developer.onepagecrm.com
www.onepagecrm.com
staging.onepagecrm.com

Please sign up to OnePageCRM with an address in the format name+bugcrowd@example.com

Out of Scope Bugs
• Banner/version disclosure
• DDoS attacks
• CRIME/BEAST attacks
• Social Engineering
• Brute force password cracking
• Issues that cannot be reproduced
• Username enumeration
• Previously reported bugs
• Bugs specific to unsupported browsers/plugins
• Bugs that rely on impractical user action
• Logout cross-site request forgery
• URL redirection
• Cross-Site Scripting (XSS)

Focus Areas:
• Cross-Site Request Forgery (CSRF/XSRF)
• Broken Authentication
• Remote Code Execution
• Privilege Escalation

Rules

This program follows Bugcrowd’s standard disclosure terms.

This bounty requires explicit permission to disclose the results of a submission.