'Break these toys challenge' -- Personal Capital
Personal Capital wants to help the crowd find more vulnerabilities in their systems. They will be rolling out some updates to their program to further this effort in the coming months. The first bit of help is live on their bounty brief today, with some information to help researchers focus their efforts.
Please see below for further details:
Black box testing indicates potential XSS on the following pages by using the skipFirstUse parameter
Black box testing indicates potential SQL Injection on the following page's searchString parameter
Black box testing indicates potential Remote OS Command Injection on
with the following parameters: deviceName, skipFirstUse, referrerId, passwd, redirectTo
Thank you, and happy hunting!
Steve @ Bugcrowd