| Program | Bounty | Report title |
|---|---|---|
| Uber | - | Session not expired When logout [partners.uber.com] |
| Uber | $2,000 | phone number exposure for riders/drivers given email/uuid |
| Uber | $8,500 | SAML Authentication Bypass on uchat.uberinternal.com |
| Uber | $5,000 | Authentication bypass on auth.uber.com via subdomain takeover of saostatic.uber.com |
| Uber | - | deleting payment profile during active trip puts account into arrears but active trip is temporarily “free” |
| Uber | $2,500 | SQL injection in 3rd party software Anomali |
| Uber | $1,500 | pam-ussh may be tricked into using another logged in user's ssh-agent |
| Uber | $2,500 | Authorization issue in Google G Suite allows DoS through HTTP redirect |
| Uber | $1,000 | ability to retrieve a user's phone-number/email for a given inviteCode |
| Uber | $1,000 | Subdomain takeover on rider.uber.com due to non-existent distribution on Cloudfront |
| Uber | $10,000 | password reset token leaking allowed for ATO of an Uber account |
| Uber | $500 | Users can falsely declare their own Uber account info on the monthly billing application |
| Uber | $100 | Stealing users password (Limited Scenario) |
| Uber | $5,000 | Changing paymentProfileUuid when booking a trip allows free rides |
| Uber | - | Attacker could setup reminder remotely using brute force |
| Uber | $10,000 | Reading Emails in Uber Subdomains |
| Uber | - | XSS At "pages.et.uber.com" |
| Uber | - | Content injection on 404 error page at faspex.uber.com |
| Uber | - | User Enumeration and Information Disclosure |
| Uber | $3,000 | Missing authorization checks leading to the exposure of ubernihao.com administrator accounts |
| Uber | $500 | Blind OOB XXE At "http://ubermovement.com/" |
| Uber | - | Can add employee in business.uber.com without add payment method |
| Uber | - | Text Only Content Spoofing on ubermovement.com Community Page |
| Uber | $5,000 | Stored XSS on developer.uber.com via admin account compromise |
| Uber | $2,000 | [IODR] Get business trip via organization id |
| Uber | $3,000 | Get organization info base on uuid |
| Uber | $1,000 | newsroom.uber.com is vulnerable to 'SOME' XSS attack via plupload.flash.swf |
| Uber | $4,000 | SQL Injection on sctrack.email.uber.com.cn |
| Uber | $2,250 | Subdomain takeover of translate.uber.com, de.uber.com and fr.uber.com |
| Uber | - | Server version disclosure |
| Uber | $1,000 | Wordpress Vulnerabilities in transparencyreport.uber.com and eng.uber.com domains |
| Uber | - | faspex.uber.com uses an invalid SSL certificate |
| Uber | - | Authentication Issue for easter egg on bonjour.uber.com |
| Uber | - | Command Injection, Information |
| Uber | - | Server version disclosure: team.uberinternal.com |
| Uber | - | Error Message on 404 page |
| Uber | - | Self-XSS in Partners Profile |
| Uber | $7,000 | xss in https://www.uber.com |
| Uber | $1,500 | Bulk UUID enumeration via invite codes |
| Uber | - | Bruteforce INVITE codes easy way |
| Uber | - | Email Address Enumeration |
| Uber | $750 | Brute-Forcing invite codes in partners.uber.com |
| Uber | - | Newsroom.uber HTML form without CSRF protection |
| Uber | $10,000 | Change any Uber user's password through /rt/users/passwordless-signup - Account Takeover (critical) |
| Uber | - | Email Enumeration Vulnerability |
| Uber | - | Password Reset Does Not Confirm the Existence of an Email Address |
| Uber | - | Header Injection |
| Uber | $750 | xss vulnerability in http://ubermovement.com/community/daniel |
| Uber | - | Uber is Flooding my Mobile with SMS Daily like a cron JOB |
| Uber | - | XSS in people.uber.com |
| Uber | - | DOM based XSS on |
| Uber | - | Phone Number Enumeration |
| Uber | $7,000 | OneLogin authentication bypass on WordPress sites via XMLRPC |
| Uber | - | Self-XSS on partners.uber.com |
| Uber | - | Clickjacking in love.uber.com |
| Uber | $8,000 | [CRITICAL] -- Complete Account Takeover |
| Uber | - | Compromising Atlassian Confluence (team.uberinternal.com) via WordPress (newsroom.uber.com) |
| Uber | $10,000 | OneLogin authentication bypass on WordPress sites |
| Uber | - | Missing authentication on Notification setting. |
| Uber | $5,000 | Multiple vulnerabilities in a WordPress plugin at drive.uber.com |
| Uber | - | Uber for Business Allows Administrators to Change Uber Driver Ratings Due to Failure to Authenticate `fast-rating` Endpoint |
| Uber | - | Defect-Security \| Driver-Broken Authentication \| Able to update the Subscription Setting anonymously |
| Uber | - | Stored self-XSS at m.uber.com |
| Uber | $2,000 | Reflected XSS via Livefyre Media Wall in newsroom.uber.com |
| Uber | - | Information Disclosure on lite.uber.com |
| Uber | - | CrashPlan Backup is Vulnerable Allowing to a DoS Attack Against Uber's Backups to `backup.uber.com` |
| Uber | $7,500 | Stored XSS in developer.uber.com |
| Uber | - | XSS via password recovering |
| Uber | - | XSS in uber oauth |
| Uber | - | Unsubscribe any user from receiving email |
| Uber | - | Requested and received edit access to Google form |
| Uber | - | developer.uber.com/404 and developer.uber.com/docs/404 are susceptible to iframes |
| Uber | - | reopen #128853 (Information disclosure at lite.uber.com) |
| Uber | - | Disclosure of ways to the site root |
| Uber | - | User credentials are not strong on vault.uber.com |
| Uber | - | Information disclosure at lite.uber.com |
| Uber | - | Enumerating userIDs with phone numbers |
| Uber | $5,000 | Stored XSS on newsroom.uber.com admin panel / Stream WordPress plugin |
| Uber | $250 | Easy spam with USE My PHONE Feature |
| Uber | - | Session Impersonation in riders.uber.com |
| Uber | $5,000 | Information regarding trips from other users |
| Uber | $5,000 | Possibility to get private email using UUID |
| Uber | $3,000 | Possible to View Driver Waybill via Driver UUID |
| Uber | - | Use Partner/Driver App Without Being Activated |
| Uber | - | Brute Forcing rider-view Endpoint Allows for Counting Number of Active Uber Drivers |
| Uber | $3,000 | Stored XSS in archive.uber.com Due to Injection of Javascript:alert(0) |
| Uber | - | It is possible to re-rate a driver after a very long time |
| Uber | - | Pixel flood attack in https://riders.uber.com/profile |
| Uber | - | Disclosure of ip addresses in local network of uber |
| Uber | - | SMS Flood with Update Profile |
| Uber | - | Changing Driver Passwords With Only an Authenticated Session (no password, no email) |
| Uber | - | Uploading Plain Text to uber-documents.s3.amazonaws.com Through the Driver Document Upload Page |
| Uber | - | Uber password reset link EMAIL FLOOD |
| Uber | - | Privilege escalation to allow non activated users to login and use uber partner ios app |
| Uber | - | text injection in get.uber.com/check-otp |
| Uber | $500 | CBC "cut and paste" attack may cause Open Redirect(even XSS) |
| Uber | $750 | XSS In archive.uber.com Due to Mime Sniffing in IE |
| Uber | $1,000 | CSV Injection in business.uber.com |
| Uber | $2,000 | Stored XSS in drive.uber.com WordPress admin panel |
| Uber | - | Cross-site Scripting (XSS) |
| Uber | - | CRLF Injection in developer.uber.com |
| Uber | $10,000 | uber.com may RCE by Flask Jinja2 Template Injection |
| Uber | $3,000 | SQL injection in Wordpress Plugin Huge IT Video Gallery at https://drive.uber.com/frmarketplace/ |
| Uber | $3,000 | Reflected XSS via Unvalidated / Open Redirect in uber.com |
| Uber | - | Session retention is present which reveals the customer info |
| Uber | - | Brute Force Amplification Attack |
| Uber | - | CSRF on eng.uber.com may lead to server-side compromise |
| Uber | $5,000 | Possibility to brute force invite codes in riders.uber.com |
| Uber | - | Stored Cross Site Scripting [SELF] in partners.uber.com |
| Uber | $3,000 | Dom Based Xss |
| Uber | $500 | Estimation of a Lower Bound on Number of Uber Drivers via Enumeration |
| Uber | $3,000 | Avoiding Surge Pricing |
| Uber | - | Create account in uber without signup form |
| Uber | $2,000 | Bypassing Uber Partner's 3 Cancel Limit |
| Uber | $3,000 | Lack of rate limiting on get.uber.com leads to enumeration of promotion codes and estimation of a lower bound on the number of Uber drivers |
| Uber | $3,000 | SQLi in love.uber.com |
| Uber | - | XSS on love.uber.com |
| Uber | - | HTML Escaping Error in the 404 Page on developer.uber.com/docs/ |
| Uber | $1,500 | Lack of CNAME/A Record Trimming Pointing Uber Domains to Insecure Non-Uber AWS Instances/Sites |
| Uber | $3,000 | XSS in getrush.uber.com |
| Uber | - | Listing of http://archive.uber.com/pypi/simple/ |
| Uber | - | Self-XSS Vulnerability on Password Reset Form |
| Uber | $3,000 | Reflected XSS on developer.uber.com via Angular template injection |
| Uber | $500 | Open Redirect in m.uber.com |
| Uber | - | Cross-site Scripting (XSS) autocomplete generation in https://www.uber.com/ |
| Uber | - | Active Email Hyperlink Sent on riders.uber.com |
| Uber | $500 | Open Redirection on Uber.com |
| Uber | $3,000 | Reflected XSS on Uber.com careers |
| Uber | $250 | Multiple Vulnerabilities (Including SQLi) in love.uber.com |
| Uber | $3,000 | XSS @ love.uber.com |
| Uber | - | Unauthorized file (invoice) download |
| Uber | $500 | Drivers can change profile picture |
| Uber | $1,000 | Mass Assignment Vulnerability in partners.uber.com |
| Uber | $100 | Issue with Password reset functionality |
| Uber | $500 | XSS on partners.uber.com |