Note the targets of this program. You are only allowed to test on a WHMCS instance that you spin up and own.
This bounty program is for the WHMCS product: an all-in-one client management, billing & support solution. The product is used primarily by web host companies, but also by other types of online businesses. It is a self-hosted, PHP-based application installed and managed by those companies (the operators).
As a Researcher, you will be targeting your own deployment of the product. You will use your knowledge and skill to find security flaws in the implementation of the software, which is designed to provide automation around client management.
Reports will be reviewed and evaluated on an individual basis. You can expect valid security flaws to be rewarded based on both technical and business impact.
Make sure to read the entire Program Brief below to understand more about the scope, non-disclosure, and rewards. Researcher success is important to us and Bugcrowd, so please reach out to firstname.lastname@example.org if you need clarity or assistance.
Please do not target or submit reports for production websites operated by WHMCS. The program is exclusively concerned with security research for the self-hosted WHMCS software.
Scope and rewards
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email email@example.com. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.