Upwork

  • $120 – $5,000 per vulnerability
  • Up to $10,000 maximum reward
  • Partial safe harbor
  • Managed by Bugcrowd

Cybersecurity Awareness Month

Thanks for your participation in the Upwork Bounty Program. In honor of cybersecurity awareness month, we'd like to remind you of our opportunities to increase your bounty. Here are our current bonuses, if you think you have what it takes to hack our program please review the brief and dive on in!

Special Bonuses and rewards

  • Upwork is also offering an extra, one-time $5,000 reward for the ability to break into any of the specified client or freelancer accounts and steal the funds allocated to it. The account is: bugcrowd-client@upwork.com and bugcrowd-freelancer@upwork.com.

    • Please provide complete reproduction steps for how you were able to capture the flag
    • Bruteforcing credentials to break in is still out of scope as per the regular scoping rules.
    • Use of Social Engineering to take-over the account is still out of scope as per the regular scoping rules.
  • Momentum Bonus, the more you submit, the more you earn!

    • There is a 7-day sliding window where you can build momentum on your rewards for the Upwork program. Every accepted bug submitted during this window will earn you a 10% increase on your payout. For example, if you submit 3 bugs in one week the first pays 100%, the second pays 110%, the third pays 120%, etc. this scales to a maximum payout amount of 200% (double reward) the original value.