Uber - HackerOne Reports

Total Reports: 139
Critical: 16 | High: 25 | Medium: 41 | Low: 19
Reflected XSS and sensitive data exposure, including payment details, on lioncityrentals.com.sg
Reported by: healdb | Disclosed: | Severity: High | Weakness: Cleartext Transmission of Sensitive Information | Bounty: $4000.00

Design Issue at riders.uber.com/profile
Reported by: referrer | Disclosed: | Weakness: Business Logic Errors

It's possible to view configuration and/or source code on uchat.awscorp.uberinternal.com without
Reported by: gregoryvperry | Disclosed: | Severity: Medium | Weakness: Improper Authentication - Generic

Configuration and/or source code files on uchat-staging.uberinternal.com can be viewed without OneLogin SSO Authentication
Reported by: gregoryvperry | Disclosed: | Severity: Medium | Weakness: Improper Authentication - Generic

IDOR in activateFuelCard id allows bulk lookup of driver uuids
Reported by: cablej | Disclosed: | Severity: Low | Weakness: Insecure Direct Object Reference (IDOR)

Change the rating of any trip, therefore change the average driver rating
Reported by: overjt | Disclosed: | Severity: Medium | Weakness: Business Logic Errors | Bounty: $1500.00

Uber Test Report 20220301
Reported by: johnzilla313 | Disclosed: | Severity: Medium | Weakness: Business Logic Errors

Stored XSS on developer.uber.com via admin account compromise
Reported by: albinowax | Disclosed: | Weakness: Cross-site Scripting (XSS) - Generic | Bounty: $5000.00

[experience.uber.com] Node.js source code disclosure & anonymous access to internal Uber documents, templates and tools
Reported by: molejarka | Disclosed: | Severity: Medium | Weakness: Information Disclosure

SSL-protected Reflected XSS in m.uber.com
Reported by: gregoryvperry | Disclosed: | Severity: Critical | Weakness: Cross-site Scripting (XSS) - Reflected

[manage.jumpbikes.com] Blind XSS on Jump admin panel via user name
Reported by: cablej | Disclosed: | Severity: Critical | Weakness: Cross-site Scripting (XSS) - Stored

Reflected XSS in https://eng.uberinternal.com and https://coeshift.corp.uber.internal/
Reported by: fady_othman | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected | Bounty: $500.00

Authentication bypass on auth.uber.com via subdomain takeover of saostatic.uber.com
Reported by: arneswinnen | Disclosed: | Severity: Critical | Weakness: Improper Authentication - Generic

Full Path and internal information disclosure + SQLNet.log file discloses internal network information
Reported by: peroni | Disclosed: | Severity: Low

WordPress Vulnerabilities in transparencyreport.uber.com and eng.uber.com domains
Reported by: vivek-p | Disclosed: | Weakness: Improper Authentication - Generic | Bounty: $1000.00

Password reset token leaking allowed for ATO of an Uber account
Reported by: procode701 | Disclosed: | Severity: Critical | Weakness: Improper Authentication - Generic

[uchat.uberinternals.com] Mattermost doesn't check Origin in Websockets, which leads to the Critical Information Leakage.
Reported by: kxyry | Disclosed: | Severity: Critical | Weakness: Cross-Site Request Forgery (CSRF) | Bounty: $2000.00

Unsecured Dropwizard Admin Panel on display.uber-adsystem.com exposes sensitive server information
Reported by: healdb | Disclosed: | Severity: Medium | Weakness: Cleartext Storage of Sensitive Information | Bounty: $500.00

Changing paymentProfileUuid when booking a trip allows free rides
Reported by: temmyscript | Disclosed: | Weakness: Cross-Site Request Forgery (CSRF)

Private passenger information is exposed to the Uber Driver app during ride dispatch ("Ping") events
Reported by: beezlewaxin | Disclosed: | Severity: Medium | Weakness: Information Disclosure