Upwork

  • $120 – $5,000 per vulnerability
  • Up to $10,000 maximum reward
  • Partial safe harbor
  • Managed by Bugcrowd

Reward Increases for Web, Desktop, and API targets

Thank you for your participation on the Upwork program, in order to better compensate you for your research on our Web, Desktop, and API targets we have increased the rewards for P1's and P2's as of April 22, 2021!

Priority New Reward Range Previous Reward Range
P1 $5,000 $2,000
P2 $2,000 $1,200
P3 same $480
P4 same $120

For full details, please review the program brief, highlights for these targets include:

Resources

Testing Tips

  • Please sign up for an Upwork account and Upwork API using your @bugcrowdninja.com email address. Only basic/free access is provided by the Upwork team for this program, you are welcome to test the API using a paid account, but these are not offered at this time.
  • When testing please only test against jobs that you have created - do not test against jobs owned by persons other than yourself
  • Worth noting, Upwork is designed to help people find jobs and posting/viewing resumes and other PII is a core component of the service. While you may submit findings, it must have a clear threat or business impact for Upwork; otherwise, it is likely to be marked as won't fix or informational.

Happy Hunting!