This repository has been archived by the owner on Nov 5, 2021. It is now read-only.
Here's a list of all Bugcrowd's standard exclusions as well as a link to Bugcrowd's standard disclosure policy (ours is explicit permission as opposed to 90 days). Hope this is helpful :-)
STANDARD EXCLUSIONS:
The following finding types are specifically excluded from the bounty:
Descriptive error messages (e.g. Stack Traces, application or server errors).
HTTP 404 codes/pages or other HTTP non-200 codes/pages.
Fingerprinting / banner disclosure on common/public services.
Disclosure of known public files or directories (e.g. robots.txt).
Clickjacking and issues only exploitable through clickjacking.
CSRF on forms that are available to anonymous users (e.g. the contact form).
Logout Cross-Site Request Forgery (logout CSRF).
Presence of application or web browser ‘autocomplete’ or ‘save password’ functionality.
Lack of Secure/HTTPOnly flags on non-sensitive Cookies.
Lack of Security Speedbump when leaving the site.
Weak Captcha / Captcha Bypass
Forgot Password page brute force and account lockout not enforced.
[Mobile optional]
Out of Scope bugs for Android apps
Out of Scope bugs for iOS apps
BUGCROWD STANDARD DISCLOSURE POLICY
https://bugcrowd.com/resources/standard-disclosure-terms