Empower Personal Wealth
- $150 – $4,000 per vulnerability
'Break these toys challenge' -- Personal Capital
Hey Everyone,
Personal Capital wants to help the crowd find more vulnerabilities in their systems. They will be rolling out some updates to their program to further this effort in the coming months. The first bit of help is live on their bounty brief today, with some information to help researchers focus their efforts.
Please see below for further details:
Black box testing indicates potential XSS on the following pages via the skipFirstUse parameter:
- https://devstaging.pcapcloud.com/page/login/goHome?
- https://devstaging.pcapcloud.com/page/login/app?
Black box testing indicates potential SQL Injection on the following page's searchString parameter
Black box testing indicates potential Remote OS Command Injection on https://devstaging.pcapcloud.com/page/login/app? with the following parameters: deviceName, skipFirstUse, referrerId, passwd, redirectTo
Thank you, and happy hunting!
Best,
Steve @ Bugcrowd