Grab - HackerOne Reports
Total Reports: 20
Critical: 3
High: 6
Medium: 11
Low: 0
Two-factor authentication bypass on Grab Android App
Reported by: sp1d3rs | Disclosed:
Severity: Medium
Weakness: Improper Authentication - Generic
Bounty: $500.00

Dom based xss affecting all pages from https://www.grab.com/.
Reported by: netfuzzer | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - DOM

www.drivegrab.com SQL injection
Reported by: jouko | Disclosed:
Severity: High
Weakness: SQL Injection
Bounty: $4500.00

Subdomain Takeover Via Insecure CloudFront Distribution cdn.grab.com
Reported by: todayisnew | Disclosed:
Severity: Medium
Weakness: Array Index Underflow
Bounty: $1000.00

stored xss in comments : driver exam
Reported by: paresh_parmar | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Generic
Bounty: $250.00

Unrestricted access to Eureka server on ██████
Reported by: reptou | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
Bounty: $500.00

Unrestricted access to https://██████.█████myteksi.net/
Reported by: reptou | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
Bounty: $250.00

[growth.grab.com] Reflected XSS via Base64-encoded "q" param on "my.html" Valentine's microsite
Reported by: ysx | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected

Leaking sensitive information on Github lead full access to all Grab Slack channels
Reported by: xsam | Disclosed:
Severity: Critical
Weakness: Information Disclosure

CSV Injection https://hub.grab.com
Reported by: poison | Disclosed:
Severity: Medium
Weakness: Command Injection - Generic

[Grab Android/iOS] Insecure deeplink leads to sensitive information disclosure
Reported by: bagipro | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Generic

Registration enabled on ███grab.com
Reported by: grouptherapy | Disclosed:
Severity: Medium
Weakness: Information Disclosure

Blind stored xss [parcel.grab.com] > name parameter
Reported by: paresh_parmar | Disclosed:
Severity: Critical
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $750.00

Access Grab_Road BigData Database via Open Presto coordinator
Reported by: vinothkumar | Disclosed:
Severity: Critical
Weakness: Information Disclosure
Bounty: $5000.00

Production secret key leak in config/secrets.yml
Reported by: phreak | Disclosed:
Severity: High
Weakness: Cleartext Storage of Sensitive Information

Git repository found
Reported by: linkks | Disclosed:
Severity: High
Weakness: Information Disclosure

[parcel.grab.com] DOM XSS at /assets/bower_components/lodash/perf/
Reported by: thsa | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - DOM

Leak ██████████ information in real time through API request
Reported by: severus | Disclosed:
Severity: High
Weakness: Improper Authentication - Generic
Bounty: $3000.00

Private Grab Messages on Android App can be accessed and cached by Search Engines
Reported by: sp1d3rs | Disclosed:
Severity: Medium
Bounty: $200.00

Authorization bypass using login by phone option+horizontal escalation possible on Grab Android App
Reported by: sp1d3rs | Disclosed:
Severity: High
Weakness: Improper Authentication - Generic
Bounty: $1000.00