Zomato - HackerOne Reports
Total reports: 110
Critical: 16
High: 17
Medium: 25
Low: 18
[Zomato for Business Android] Vulnerability in exported activity WebView
  Reported by: shell_c0de
  Disclosed:
  Severity: Medium

Possible to enumerate Addresses of users using AddressId and guessing the delivery_subzone
  Reported by: bigbug
  Disclosed:
  Severity: Medium
  Weakness: Insecure Direct Object Reference (IDOR)
  Bounty: $1500.00

Claiming the listing of a non-delivery restaurant through OTP manipulation
  Reported by: ashoka_rao
  Disclosed:
  Severity: Critical
  Weakness: Improper Authorization
  Bounty: $3250.00

HTML Injection @ /[restaurant]/order endpoint.
  Reported by: mr_edwards
  Disclosed:
  Severity: Low
  Weakness: Cross-site Scripting (XSS) - Generic
  Bounty: $150.00

Subdomain takeover of fr1.vpn.zomans.com
  Reported by: ian
  Disclosed:
  Severity: Medium
  Weakness: Business Logic Errors
  Bounty: $350.00

Reflected XSS on business-blog.zomato.com - Part I
  Reported by: dsopas
  Disclosed:
  Weakness: Cross-site Scripting (XSS) - Generic

SQL Injection in www.hyperpure.com
  Reported by: hoteyes
  Disclosed:
  Severity: Critical
  Weakness: Code Injection
  Bounty: $2000.00

[www.zomato.com/dubai/gold] CRITICAL - Allowing arbitrary amount to become a GOLD Member
  Reported by: prateek_0490
  Disclosed:
  Severity: Medium
  Weakness: Improper Access Control - Generic

[www.zomato.com] Blind XSS on one of the Admin Dashboard
  Reported by: pandaaaa
  Disclosed:
  Severity: High
  Weakness: Cross-site Scripting (XSS) - Generic
  Bounty: $750.00

IDOR in treat subscriptions
  Reported by: harsh13
  Disclosed:
  Severity: Medium
  Weakness: Insecure Direct Object Reference (IDOR)

Clickjacking: Delete Account, Change privacy settings, Rate business, follow/unfollow (IE)
  Reported by: foobar7
  Disclosed:
  Severity: Medium
  Weakness: UI Redressing (Clickjacking)

SQL Injection, exploitable in boolean mode
  Reported by: securitygab
  Disclosed:
  Severity: Critical
  Weakness: SQL Injection

[█████████] Hardcoded credentials in Android App
  Reported by: gerben_javado
  Disclosed:
  Severity: Critical
  Weakness: Use of Hard-coded Credentials
  Bounty: $500.00

[api.zomato.com] Able to manipulate order amount
  Reported by: pasw
  Disclosed:
  Severity: High
  Weakness: Business Logic Errors

[www.zomato.com] Blind XSS in one of the admin dashboard
  Reported by: nguyenlv7
  Disclosed:
  Severity: High
  Weakness: Cross-site Scripting (XSS) - Generic
  Bounty: $500.00

test.zba.se is vulnerable to SSL POODLE
  Reported by: hackerhero
  Disclosed:
  Severity: Medium
  Weakness: Cryptographic Issues - Generic

xss found in zomato
  Reported by: rasi-ras
  Disclosed:
  Severity: Medium
  Weakness: Cross-site Scripting (XSS) - DOM

[www.zomato.com] Blind SQL Injection in /php/widgets_handler.php
  Reported by: zzzhacker13
  Disclosed:
  Severity: Critical
  Weakness: SQL Injection
  Bounty: $2000.00

Base alpha version code exposure
  Reported by: cha5m
  Disclosed:
  Weakness: Information Disclosure