Zomato - HackerOne Reports
Total Reports: 110
Critical: 16
High: 17
Medium: 25
Low: 18

[www.zomato.com] Privilege Escalation - Control reviews - /████dashboard_handler.php
Reported by: gerben_javado | Disclosed:
Weakness: Privilege Escalation
Bounty: $300.00

[www.zomato.com] Privilege Escalation - /php/restaurant_menus_handler.php
Reported by: gerben_javado | Disclosed:
Weakness: Privilege Escalation
Bounty: $200.00

[www.zomato.com] Blind XSS in one of the Admin Dashboards
Reported by: sandeep_hodkasia | Disclosed:
Weakness: Cross-site Scripting (XSS) - Stored

CSRF AT INVITING PEOPLE THROUGH PHONE NUMBER
Reported by: kiraak-boy | Disclosed:
Weakness: Violation of Secure Design Principles

[www.zomato.com] Boolean SQLi - /███████.php
Reported by: gerben_javado | Disclosed:
Weakness: SQL Injection
Bounty: $1000.00

CSRF in the "Add restaurant picture" function
Reported by: 0xamir | Disclosed:
Weakness: Cross-Site Request Forgery (CSRF)
Bounty: $50.00

[Zomato Order] Insecure deeplink leads to sensitive information disclosure
Reported by: shell_c0de | Disclosed:
Severity: High
Bounty: $750.00

[Zomato Android/iOS] Theft of user session
Reported by: bagipro | Disclosed:

[www.zomato.com] IDOR - Leaking all Personal Details of all Zomato Users through an endpoint
Reported by: prateek_0490 | Disclosed:
Severity: High
Weakness: Insecure Direct Object Reference (IDOR)

Reflected XSS in Zomato Mobile - category parameter
Reported by: harry_mg | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected

Bypassing the SMS sending limit for download app link
Reported by: bihari_web | Disclosed:
Severity: Low
Weakness: Improper Restriction of Authentication Attempts

CORS Misconfiguration on www.zomato.com
Reported by: albinowax | Disclosed:

CSRF To Like/Unlike Photos
Reported by: pabster | Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)

[www.zomato.com] SQLi on `order_id` parameter
Reported by: saltedfish | Disclosed:
Severity: Critical
Weakness: SQL Injection
Bounty: $1000.00

Length extension attack leading to HTML injection
Reported by: b1t | Disclosed:
Severity: Medium
Weakness: Cryptographic Issues - Generic
Bounty: $100.00

[www.zomato.com] Abusing LocalParams to Inject Code through ███████ query
Reported by: bigshaq | Disclosed:
Severity: High

Clickjacking login page of http://book.zomato.com/
Reported by: benoculars | Disclosed:
Weakness: UI Redressing (Clickjacking)

Attacker shall receive order updates on WhatsApp for users who have activated WhatsApp notifications
Reported by: schutzx0r | Disclosed:
Severity: Medium
Weakness: Business Logic Errors
Bounty: $300.00

Zomato.com Reflected Cross-Site Scripting
Reported by: akamble937 | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $100.00

Open AWS S3 bucket leaks all Images uploaded to Zomato chat
Reported by: yashrs | Disclosed:
Severity: Medium
Weakness: Improper Authentication - Generic