2015-06-30
2019-09-14

Sprout Social

Why Sprout's Bug Bounty?

Sprout Social’s social media management platform will help you find, form and deepen real connections with the people who love your brand. We invite you to test and help secure our primary publicly facing assets. We appreciate your efforts in making Sprout Social more secure, and look forward to working with the researcher community to create a meaningful and successful bug bounty program. Good luck and happy hunting!

Ratings/Rewards:

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

Scope

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

Learn more about Bugcrowd’s VRT.

You may only test against an account for which you are the account owner or an agent authorized by the account owner to conduct such testing.

Sprout Social prohibits the following types of research:

  • Accessing, or attempting to access, data that does not belong to you

  • Executing, or attempting to execute, a denial of service attack

  • Sending, or attempting to send, unsolicited or unauthorized email, spam or other forms of unsolicited messages

  • Testing third party websites, applications or services that integrate with Sprout Social

  • Knowingly posting, transmitting, uploading, linking to, sending or storing any malware, viruses or similar harmful software

  • Research conducted by minors, individuals on sanctions lists or individuals in countries on sanctions lists

To all security researchers who follow this Responsible Disclosure Policy, Sprout Social promises to:

  • Acknowledge receipt of your report in a timely manner

  • Provide an estimated time frame for addressing the vulnerability

  • Notify you when the vulnerability is fixed

  • Publicly acknowledge your responsible disclosure, if you wish

Please do not publicly disclose vulnerability details without express written consent from Sprout Social.

In Scope

Scope Type           Scope Name
android_application  Sprout Social for Android
api                  app.sproutsocial.com/api
api                  cms.sproutsocial.com/mktapi
api                  api.sproutsocial.com
ios_application      Sprout Social for iOS
web_application      app.sproutsocial.com
web_application      media.sproutsocial.com
web_application      sproutsocial.com
web_application      sproutsocial.com/insights
web_application      sproutsocial.com/adapt/
web_application      sproutsocial.com/es/
web_application      sproutsocial.com/pt/
web_application      getbambu.com
web_application      share.sproutsocial.com
web_application      sprout.link

Out of Scope

Scope Type           Scope Name
undefined            Anything that CNAMEs to a third party
web_application      jobboard.sproutsocial.com
web_application      *.sproutsocial.com/wp-includes
web_application      sproutsocial.com/wp-includes
web_application      pagely.sproutsocial.com


This program was crawled on 2015-06-30 and is sorted as bounty.
