17619 policies in database
Link to program      
2015-06-30
2019-08-06
WHMCS Client Management Portal logo
Thank
Gift
HOF
Reward

Reward

75 $ 

WHMCS Client Management Portal

Note the targets of this program. You are only allowed to test on a WHMCS instance that you spin up and own.

Quick Overview

This bounty program is for the WHMCS product: an all-in-one client management, billing & support solution. The product is used primarily by web host companies but also other types of online businesses. It is a self-hosted PHP based application installed and managed by those companies (operator).

As a Researcher, you will be targeting your own deployment of the product. You will utilize your knowledge and skill to find security flaws in the implementation of the software, whose design is to provide automation around client management.

Reports will be reviewed and evaluated on an individual basis. You can expect valid security flaws to be rewarded base on both technical and business impact.

Make sure to read the entire Program Brief below to understand more about the scope, non-disclosure, and rewards. Researcher success is important to us and Bugcrowd so please reach out to support@bugcrowd.com if you need clarity or assistance.
Please do not target or submit reports for production websites operated by WHMCS. The program is exclusively concerned with security research for the self-hosted WHMCS software.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.

In Scope

Scope Type Scope Name
undefined

Researcher owned WHMCS Instance

Out of Scope

Scope Type Scope Name
android_application

WHMCS Android App

ios_application

WHMCS iOS app

undefined

Live production instance of WHMCS (Any instances not owned by you)

undefined

WHMCS Windows mobile app

web_application

*.whmcs.com

web_application

www.whmcs.com

web_application

whmcs.community


Firebounty have crawled on 2015-06-30 the program WHMCS Client Management Portal on the platform Bugcrowd.

FireBounty © 2015-2021

Legal notices