Uber
Most disclosed vulnerability type (32 disclosures) — Improper Authentication - Generic
ddworken has disclosed the most with 14 reports!
Uber's top public payouts
- Uber rewarded "uber.com may RCE by Flask Jinja2 Template Injection" with a $10,000 bounty!
- Uber rewarded "OneLogin authentication bypass on WordPress sites" with a $10,000 bounty!
- Uber rewarded "Change any Uber user's password through /rt/users/passwordless-signup - Account Takeover (critical)" with a $10,000 bounty!
- Uber rewarded "Reading Emails in Uber Subdomains" with a $10,000 bounty!
- Uber rewarded "password reset token leaking allowed for ATO of an Uber account" with a $10,000 bounty!
Most recently disclosed
duplicate hsts headers lead to firefox ignoring hsts on business.uber.com
@ Submitted by redshark1802
Bug Type: None supplied
Disclosed on 2020-04-30
Reflected XSS and sensitive data exposure, including payment details, on lioncityrentals.com.sg
@ Submitted by healdb
Bug Type: Cleartext Transmission of Sensitive Information
Disclosed on 2020-04-30
Full Path and internal information disclosure+ SQLNet.log file disclose internal network information
@ Submitted by peroni
Bug Type: None supplied
Disclosed on 2020-04-23
ubernycmarketplace.com is vulnerable to the Heartbleed Bug
@ Submitted by healdb
Bug Type: Information Disclosure
Disclosed on 2020-04-23
Subdomain takeover on mta1a1.spmail.uber.com
@ Submitted by 0x3c3e
Bug Type: Improper Access Control - Generic
Disclosed on 2020-04-06
Change the rating of any trip, therefore change the average driver rating
@ Submitted by overjt
Bug Type: Business Logic Errors
Disclosed on 2020-04-06
Sensitive user information disclosure at bonjour.uber.com/marketplace/_rpc via the 'userUuid' parameter
@ Submitted by appsecure_in
Bug Type: Information Disclosure
Disclosed on 2019-09-09
Lack of proper paymentProfileUUID validation allows any number of free rides without any outstanding balance
@ Submitted by eequalsmc2
Bug Type: Business Logic Errors
Disclosed on 2019-07-18
Client secret, server tokens for developer applications returned by internal API
@ Submitted by appsecure_in
Bug Type: Information Disclosure
Disclosed on 2019-02-08
Open Redirect on central.uber.com allows for account takeover
@ Submitted by ngalog
Bug Type: Improper Authentication - Generic
Disclosed on 2019-01-25
Chained Bugs to Leak Victim's Uber's FB Oauth Token
@ Submitted by ngalog
Bug Type: Improper Authentication - Generic
Disclosed on 2019-01-25
Stored XSS on any page in most Uber domains
@ Submitted by mdv
Bug Type: Cross-site Scripting (XSS) - Stored
Disclosed on 2018-11-20
No rate limiting on https://biz.uber.com/confirm allowed an attacker to join arbitrary business.uber.com accounts
@ Submitted by cablej
Bug Type: Improper Authentication - Generic
Disclosed on 2018-11-13