Program stats

89 vulnerabilities rewarded

about 2 months average response time

OnePageCRM converts leads to customers fast. It does so with a beautiful user experience on one simple dashboard.

Targets

Out of Scope Targets

dev.onepagecrm.com
blog.onepagecrm.com
forum.developer.onepagecrm.com
www.onepagecrm.com
staging.onepagecrm.com

Please sign up for OnePageCRM with an address in the format name+bugcrowd@example.com.

Out of Scope Bugs
• Banner/version disclosure
• DDoS attacks
• CRIME/BEAST attacks
• Social Engineering
• Brute force password cracking
• Issues that cannot be reproduced
• Username enumeration
• Previously reported bugs
• Bugs specific to unsupported browsers/plugins
• Bugs that rely on impractical user action
• Logout cross-site request forgery
• URL redirection
• Cross-Site Scripting (XSS)

Focus Areas:
• Cross-Site Request Forgery (CSRF/XSRF)
• Broken Authentication
• Remote Code Execution
• Privilege Escalation

Rules

This program follows Bugcrowd’s standard disclosure terms.

This program does not offer financial or point-based rewards for Informational (P5) findings. Learn more about Bugcrowd’s VRT.

This bounty requires explicit permission to disclose the results of a submission.