Sprout Social’s social media management platform will help you find, form and deepen real connections with the people who love your brand. We invite you to test and help secure our primary publicly facing assets. We appreciate your efforts in making Sprout Social more secure, and look forward to working with the researcher community to create a meaningful and successful bug bounty program. Good luck and happy hunting!
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher, along with the opportunity to appeal and make a case for a higher priority.
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.
You may only test against an account for which you are the account owner or an agent authorized by the account owner to conduct such testing.
Sprout Social prohibits the following types of research:
- Accessing, or attempting to access, data that does not belong to you
- Executing, or attempting to execute, a denial of service attack
- Sending, or attempting to send, unsolicited or unauthorized email, spam or other forms of unsolicited messages
- Testing third party websites, applications or services that integrate with Sprout Social
- Knowingly posting, transmitting, uploading, linking to, sending or storing any malware, viruses or similar harmful software
- Research conducted by minors, individuals on sanctions lists or individuals in countries on sanctions lists
To all security researchers who follow this Responsible Disclosure Policy, Sprout Social promises to:
- Acknowledge receipt of your report in a timely manner
- Provide an estimated time frame for addressing the vulnerability
- Notify you when the vulnerability is fixed
- Publicly acknowledge your responsible disclosure, if you wish
Please do not publicly disclose vulnerability details without express written consent from Sprout Social.
In scope:

Scope Type | Scope Name |
---|---|
android_application | Sprout Social for Android |
api | app.sproutsocial.com/api |
api | cms.sproutsocial.com/mktapi |
api | api.sproutsocial.com |
ios_application | Sprout Social for iOS |
web_application | app.sproutsocial.com |
web_application | media.sproutsocial.com |
web_application | sproutsocial.com |
web_application | sproutsocial.com/insights |
web_application | sproutsocial.com/adapt/ |
web_application | sproutsocial.com/es/ |
web_application | sproutsocial.com/pt/ |
web_application | getbambu.com |
web_application | share.sproutsocial.com |
web_application | sprout.link |

Out of scope:

Scope Type | Scope Name |
---|---|
undefined | Anything that CNAMEs to a third party |
web_application | jobboard.sproutsocial.com |
web_application | *.sproutsocial.com/wp-includes |
web_application | sproutsocial.com/wp-includes |
web_application | pagely.sproutsocial.com |
This program was crawled on 2015-06-30 and is sorted as bounty.