Public Zomato bug reports.

Team Bounty Title
Zomato $500 Restaurant payment information leakage
Zomato $100 Length extension attack leading to HTML injection
Zomato $50 Posting to Twitter CSRF on php/post_twitter_authenticate.php
Zomato $250 Bypass OTP verification when placing Order
Zomato $500 [█████████] Hardcoded credentials in Android App
Zomato $300 SQL Injection, exploitable in boolean mode
Zomato $1,000 Login to any account with the emailaddress
Zomato - xss found in zomato
Zomato - CSRF To Like/Unlike Photos
Zomato - Reflected XSS in Zomato Mobile - category parameter
Zomato - Amazon S3 bucket misconfiguration (share)
Zomato - Unauthorised Access to Anyone's User Account
Zomato - is vulnerable to SSL POODLE
Zomato - MailPoet Newsletters <= 2.7.2 - Authenticated Reflected Cross-Site Scripting (XSS)
Zomato - XSS in flashmediaelement.swf (
Zomato - takeover a lot of accounts
Zomato - CORS Misconfiguration on
Zomato - [CRITICAL] Complete source code disclosure via exposed Jenkins Dashboard
Zomato - Visibility Robots.txt file
Zomato - Clickjacking login page of
Zomato - CSS
Zomato - Stored Cross site scripting
Zomato - XSS on
Zomato - Unvalidated redirect on user profile website
Zomato - Bypass OTP verification when placing Order
Zomato - XSS onmouseover
Zomato - Instagram OAuth2 Implementation Leaks Access Token; Allows for Cross-Site Script Inclusion (XSSI)
Zomato - Reflected Cross-Site Scripting in
Zomato - Reflected XSS on - Part 2
Zomato - Reflected XSS on - Part I
Zomato - Reflected XSS on Zomato API
Zomato - Authentication Bypassing and Sensitive Information Disclosure on Verify Email Address in Registration Flow
Zomato - Persistent XSS on Reservation / Booking Page
Zomato - NexTable: Credentials exposure
Zomato - Two XSS vulns in widget parameters (all_collections.php and o2.php)
Zomato - XSS via modified Zomato widget (res_search_widget.php)
Zomato - XSS and CSRF in Zomato Contact form
Zomato - Weak Password Policy
Zomato - Persistent input validation mail encoding vulnerability in the "just followed you" email notification.
Zomato - Several XSS affecting and
Zomato - Remote File Upload Vulnerability in
Zomato - Cross Site Scripting - type Patameter
Zomato - Twitter Disconnect CSRF
Zomato - Subdomain Takeover