Personal Capital

  • $150 – $4,000 per vulnerability
  • Safe harbor
  • Managed by Bugcrowd

'Break these toys challenge' -- Personal Capital

Hey Everyone,

Personal Capital wants to help the crowd find more vulnerabilities in their systems. They will be rolling out some updates to their program to further this effort in the coming months. The first bit of help is live on their bounty brief today, with some information to help researchers focus their efforts.

Please see below for further details:

Black box testing indicates potential XSS on the following pages by using the skipFirstUse parameter

Black box testing indicates potential SQL Injection on the following page's searchString parameter

Black box testing indicates potential Remote OS Command Injection on

https://devstaging.pcapcloud.com/page/login/app?

with the following parameters: deviceName, skipFirstUse, referrerId, passwd, redirectTo

Thank you, and happy hunting!

Best,
Steve @ Bugcrowd