Bug Bounty Out of Scope List

Domains

Issues

• Denial of Service or brute force attacks unless they expose confidential data, including but not limited to...
• Performing actions that may negatively affect Salesroom or its users (e.g. spam, brute force, denial of service, etc)
• Executing brute force attempts to enumerate users beyond a proof of concept.
• Any kind of DDoS attacks.
• Any kind of rate limit, service limit, timing abuse or DoS, DDoS attacks unless the attack expose an abuse of functionality, data exfiltration or other similar abuse beyond service unavailability.
• Spamming forms through automated vulnerability are explicitly out of scope.

• Performing actions that may negatively affect Salesroom or its users (e.g. spam, brute force, denial of service...)

• Publicly released bugs in internet software.

• Spam or social engineering techniques conducted on any Salesroom employee, vendor or contractor, account management or service desk, including but not limited to...
• SPF and DKIM issues
• Content injection
• Hyperlink injection in emails
• IDN homograph attacks
• RTL Ambiguity

• Violating any laws or breaching any agreements to discover vulnerabilities.

• Accessing, or attempting to access, data or information that does not belong to you.

• Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you.

• Conducting any kind of physical or electronic attack on Salesroom personnel, property, data centers, corporate offices, employee personal assets or any other physical assessment of Salesroom or it’s employees security.
• Any physical attempts against Salesroom property or data centers.

• Attacks requiring physical access to a user’s device or vulnerabilities requiring physical access to the victim’s unlocked device.

• Hosting malware/arbitrary content on Salesroom and causing downloads.

• XSS on any site other than those owned and operated by Salesroom Inc.