Public Uber bug reports.

Team Bounty Title
Uber - Session not expired on logout []
Uber $2,000 phone number exposure for riders/drivers given email/uuid
Uber $8,500 SAML Authentication Bypass on
Uber $5,000 Authentication bypass on via subdomain takeover of
Uber - deleting payment profile during active trip puts account into arrears but active trip is temporarily “free”
Uber $2,500 SQL injection in 3rd party software Anomali
Uber $1,500 pam-ussh may be tricked into using another logged in user's ssh-agent
Uber $2,500 Authorization issue in Google G Suite allows DoS through HTTP redirect
Uber $1,000 ability to retrieve a user's phone-number/email for a given inviteCode
Uber $1,000 Subdomain takeover on due to non-existent distribution on Cloudfront
Uber $10,000 password reset token leaking allowed for ATO of an Uber account
Uber $500 Users can falsely declare their own Uber account info on the monthly billing application
Uber $100 Stealing users password (Limited Scenario)
Uber $5,000 Changing paymentProfileUuid when booking a trip allows free rides
Uber - Attacker could set up reminder remotely using brute force
Uber $10,000 Reading Emails in Uber Subdomains
Uber - XSS At ""
Uber - Content injection on 404 error page at
Uber - User Enumeration and Information Disclosure
Uber $3,000 Missing authorization checks leading to the exposure of administrator accounts
Uber $500 Blind OOB XXE At ""
Uber - Can add employee in without adding payment method
Uber - Text Only Content Spoofing on Community Page
Uber $5,000 Stored XSS on via admin account compromise
Uber $2,000 [IDOR] Get business trip via organization id
Uber $3,000 Get organization info based on UUID
Uber $1,000 is vulnerable to 'SOME' XSS attack via plupload.flash.swf
Uber $4,000 SQL Injection on
Uber $2,250 Subdomain takeover of, and
Uber - Server version disclosure
Uber $1,000 WordPress Vulnerabilities in and domains
Uber - uses an invalid SSL certificate
Uber - Authentication Issue for easter egg on
Uber - Command Injection, Information
Uber - Server version disclosure:
Uber - Error Message on 404 page
Uber - Self-XSS in Partners Profile
Uber $7,000 xss in
Uber $1,500 Bulk UUID enumeration via invite codes
Uber - Bruteforce INVITE codes easy way
Uber - Email Address Enumeration
Uber $750 Brute-Forcing invite codes in
Uber - Newsroom.uber HTML form without CSRF protection
Uber $10,000 Change any Uber user's password through /rt/users/passwordless-signup - Account Takeover (critical)
Uber - Email Enumeration Vulnerability
Uber - Password Reset Does Not Confirm the Existence of an Email Address
Uber - Header Injection
Uber $750 xss vulnerability in
Uber - Uber is Flooding my Mobile with SMS Daily like a cron JOB
Uber - XSS in
Uber - DOM based XSS on
Uber - Phone Number Enumeration
Uber $7,000 OneLogin authentication bypass on WordPress sites via XMLRPC
Uber - Self-XSS on
Uber - Clickjacking in
Uber $8,000 [CRITICAL] -- Complete Account Takeover
Uber - Compromising Atlassian Confluence ( via WordPress (
Uber $10,000 OneLogin authentication bypass on WordPress sites
Uber - Missing authentication on Notification setting.
Uber $5,000 Multiple vulnerabilities in a WordPress plugin at
Uber - Uber for Business Allows Administrators to Change Uber Driver Ratings Due to Failure to Authenticate `fast-rating` Endpoint
Uber - Defect-Security | Driver-Broken Authentication | Able to update the Subscription Setting anonymously
Uber - Stored self-XSS at
Uber $2,000 Reflected XSS via Livefyre Media Wall in
Uber - Information Disclosure on
Uber - CrashPlan Backup is Vulnerable Allowing a DoS Attack Against Uber's Backups to
Uber $7,500 Stored XSS in
Uber - XSS via password recovery
Uber - XSS in Uber OAuth
Uber - Unsubscribe any user from receiving email
Uber - Requested and received edit access to Google form
Uber - and are susceptible to iframes
Uber - reopen #128853 (Information disclosure at
Uber - Disclosure of ways to the site root
Uber - User credentials are not strong on
Uber - Information disclosure at
Uber - Enumerating userIDs with phone numbers
Uber $5,000 Stored XSS on admin panel / Stream WordPress plugin
Uber $250 Easy spam with USE My PHONE Feature
Uber - Session Impersonation in
Uber $5,000 Information regarding trips from other users
Uber $5,000 Possibility to get private email using UUID
Uber $3,000 Possible to View Driver Waybill via Driver UUID
Uber - Use Partner/Driver App Without Being Activated
Uber - Brute Forcing rider-view Endpoint Allows for Counting Number of Active Uber Drivers
Uber $3,000 Stored XSS in Due to Injection of Javascript:alert(0)
Uber - It is possible to re-rate a driver after a very long time
Uber - Pixel flood attack in
Uber - Disclosure of IP addresses in Uber's local network
Uber - SMS Flood with Update Profile
Uber - Changing Driver Passwords With Only an Authenticated Session (no password, no email)
Uber - Uploading Plain Text to Through the Driver Document Upload Page
Uber - Uber password reset link EMAIL FLOOD
Uber - Privilege escalation to allow non activated users to login and use uber partner ios app
Uber - text injection in
Uber $500 CBC "cut and paste" attack may cause Open Redirect (even XSS)
Uber $750 XSS In Due to Mime Sniffing in IE
Uber $1,000 CSV Injection in
Uber $2,000 Stored XSS in WordPress admin panel
Uber - Cross-site Scripting (XSS)
Uber - CRLF Injection in
Uber $10,000 Possible RCE via Flask Jinja2 Template Injection
Uber $3,000 SQL injection in WordPress Plugin Huge IT Video Gallery at
Uber $3,000 Reflected XSS via Unvalidated / Open Redirect in
Uber - Session retention is present which reveals the customer info
Uber - Brute Force Amplification Attack
Uber - CSRF on may lead to server-side compromise
Uber $5,000 Possibility to brute force invite codes in
Uber - Stored Cross Site Scripting [SELF] in
Uber $3,000 DOM-based XSS
Uber $500 Estimation of a Lower Bound on Number of Uber Drivers via Enumeration
Uber $3,000 Avoiding Surge Pricing
Uber - Create account in Uber without signup form
Uber $2,000 Bypassing Uber Partner's 3 Cancel Limit
Uber $3,000 Lack of rate limiting on leads to enumeration of promotion codes and estimation of a lower bound on the number of Uber drivers
Uber $3,000 SQLi in
Uber - XSS on
Uber - HTML Escaping Error in the 404 Page on
Uber $1,500 Lack of CNAME/A Record Trimming Pointing Uber Domains to Insecure Non-Uber AWS Instances/Sites
Uber $3,000 XSS in
Uber - Listing of
Uber - Self-XSS Vulnerability on Password Reset Form
Uber $3,000 Reflected XSS on via Angular template injection
Uber $500 Open Redirect in
Uber - Cross-site Scripting (XSS) autocomplete generation in
Uber - Active Email Hyperlink Sent on
Uber $500 Open Redirection on
Uber $3,000 Reflected XSS on careers
Uber $250 Multiple Vulnerabilities (Including SQLi) in
Uber $3,000 XSS @
Uber - Unauthorized file (invoice) download
Uber $500 Drivers can change profile picture
Uber $1,000 Mass Assignment Vulnerability in
Uber $100 Issue with Password reset functionality
Uber $500 XSS on