Upwork

Hey Everyone,

Upwork has decided to incorporate a high-impact reward for a certain type of finding.

In addition to the regular rewards for this program, Upwork is also offering a one-time $5,000 reward for the ability to break into any of the specified client or freelancer accounts, and steal the funds allocated to it. The account are: bugcrowd-client@upwork.com and bugcrowd-freelancer@upwork.com.

Rules:

• Please provide complete reproduction steps for how you were able to capture the flag
• Bruteforcing credentials to break in is still out of scope as per the regular scoping rules.

Please review the brief for full details and happy hunting!

Steve @Bugcrowd