Zomato - HackerOne Reports
Total Reports: 110
Critical: 16
High: 17
Medium: 25
Low: 18
takeover a lot of accounts
Reported by: yipman | Disclosed:
High
IDOR to delete images from other stores
Reported by: emitrani | Disclosed:
Low
Weakness: Insecure Direct Object Reference (IDOR)
Bounty: $600.00
subdomain takeover on fddkim.zomato.com
Reported by: mosec9 | Disclosed:
Medium
Weakness: Privilege Escalation
Sending Unlimited Emails to anyone from zomato mail server.
Reported by: bihari_web | Disclosed:
Weakness: Improper Restriction of Authentication Attempts
Phishing user to download malicious app could lead to leakage of User Access Token, Email, Name and Profile photo via exported RemoteService
Reported by: libcontainer | Disclosed:
Low
Weakness: Information Disclosure
Bounty: $300.00
Restaurant payment information leakage
Reported by: adibou | Disclosed:
Critical
[https://reviews.zomato.com] Time Based SQL Injection
Reported by: samengmg | Disclosed:
Critical
Weakness: SQL Injection
Bounty: $1000.00
Race condition in User comments Likes
Reported by: 0xdekster | Disclosed:
Low
Weakness: Violation of Secure Design Principles
[www.zomato.com] SQLi - /php/██████████ - item_id
Reported by: gerben_javado | Disclosed:
Critical
Weakness: SQL Injection
Bounty: $4500.00
[www.zomato.com] Unauthenticated access to Internal Sales Data of Zomato through an unrestricted endpoint
Reported by: prateek_0490 | Disclosed:
Weakness: Improper Authentication - Generic