Skip to content

Latest commit

 

History

History
130 lines (129 loc) · 16.6 KB

TOPZOMATO.md

File metadata and controls

130 lines (129 loc) · 16.6 KB
Raw

Top reports from Zomato program at HackerOne:

  1. Stealing Zomato X-Access-Token: in Bulk using HTTP Request Smuggling on api.zomato.com to Zomato - 529 upvotes, $5000
  2. [www.zomato.com] SQLi - /php/██████████ - item_id to Zomato - 275 upvotes, $4500
  3. [www.zomato.com] Availing Zomato Gold membership for free by tampering plan id(s) to Zomato - 218 upvotes, $1000
  4. Improper Validation at Partners Login to Zomato - 216 upvotes, $2000
  5. [www.zomato.com] Blind XSS on one of the Admin Dashboard to Zomato - 212 upvotes, $750
  6. SQL Injection in www.hyperpure.com to Zomato - 211 upvotes, $2000
  7. [www.zomato.com] CORS Misconfiguration, could lead to disclosure of sensitive information to Zomato - 207 upvotes, $550
  8. Information Disclosure through Sentry Instance ███████ to Zomato - 169 upvotes, $750
  9. [api.zomato.com] Able to manipulate order amount to Zomato - 131 upvotes, $4500
  10. Solr Injection in user_id parameter at :/v2/leaderboard_v2.json to Zomato - 130 upvotes, $2000
  11. Able to manipulate order amount by removing cancellation amount and cause financial impact to Zomato - 119 upvotes, $750
  12. [Zomato Order] Insecure deeplink leads to sensitive information disclosure to Zomato - 103 upvotes, $750
  13. [www.zomato.com] Leaking Email Addresses of merchants via reset password feature to Zomato - 99 upvotes, $500
  14. Base alpha version code exposure to Zomato - 98 upvotes, $500
  15. Availing Zomato gold by using a random third-party wallet_id to Zomato - 97 upvotes, $2000
  16. [www.zomato.com] Blind XSS in one of the admin dashboard to Zomato - 96 upvotes, $500
  17. Add upto 10K rupees to a wallet by paying an arbitrary amount to Zomato - 93 upvotes, $2000
  18. Subdomain takeover of fr1.vpn.zomans.com to Zomato - 89 upvotes, $350
  19. Login to any account with the emailaddress to Zomato - 87 upvotes, $1000
  20. Claiming the listing of a non-delivery restaurant through OTP manipulation to Zomato - 83 upvotes, $3250
  21. credentials leakage in public lead to view dev websites to Zomato - 75 upvotes, $400
  22. [www.zomato.com] Tampering with Order Quantity and paying less amount then actual amount, leads to business loss to Zomato - 66 upvotes, $1500
  23. [https://reviews.zomato.com] Time Based SQL Injection to Zomato - 66 upvotes, $1000
  24. [www.zomato.com] SQLi on order_id parameter to Zomato - 60 upvotes, $1000
  25. [www.zomato.com] Blind XSS in one of the Admin Dashboard to Zomato - 60 upvotes, $500
  26. [Zomato Android/iOS] Theft of user session to Zomato - 58 upvotes, $650
  27. [www.zomato.com] Blind SQL Injection in /php/geto2banner to Zomato - 57 upvotes, $2000
  28. subdomain takeover on fddkim.zomato.com to Zomato - 54 upvotes, $350
  29. [www.zomato.com] Union SQLi + Waf Bypass to Zomato - 53 upvotes, $1000
  30. IDOR to delete images from other stores to Zomato - 49 upvotes, $600
  31. Open AWS S3 bucket leaks all Images uploaded to Zomato chat to Zomato - 47 upvotes, $300
  32. [Zomato for Business Android] Vulnerability in exported activity WebView to Zomato - 47 upvotes, $0
  33. [www.zomato.com] Blind SQL Injection in /php/widgets_handler.php to Zomato - 44 upvotes, $2000
  34. [auth2.zomato.com] Reflected XSS at oauth2/fallbacks/error | ORY Hydra an OAuth 2.0 and OpenID Connect Provider to Zomato - 44 upvotes, $250
  35. [www.zomato.com] Boolean SQLi - /█████.php to Zomato - 37 upvotes, $1000
  36. Blind XSS - Report review - Admin panel to Zomato - 37 upvotes, $350
  37. [www.zomato.com] Boolean SQLi - /███████.php to Zomato - 34 upvotes, $1000
  38. [www.zomato.com/dubai/gold] CRITICAL - Allowing arbitrary amount to become a GOLD Member to Zomato - 33 upvotes, $500
  39. Race condition in User comments Likes to Zomato - 33 upvotes, $150
  40. SSRF in https://www.zomato.com████ allows reading local files and website source code to Zomato - 31 upvotes, $1000
  41. Admin Access to a domain used for development and admin access to internal dashboards on that domain to Zomato - 29 upvotes, $1000
  42. [www.zomato.com] IDOR - Leaking all Personal Details of all Zomato Users through an endpoint to Zomato - 29 upvotes, $750
  43. Self-Stored XSS - Chained with login/logout CSRF to Zomato - 29 upvotes, $300
  44. IDOR to cancel any table booking and leak sensitive information such as email,mobile number,uuid to Zomato - 29 upvotes, $250
  45. Unauthorised Access to Anyone's User Account to Zomato - 27 upvotes, $0
  46. [█████████] Hardcoded credentials in Android App to Zomato - 26 upvotes, $500
  47. Page has a link to google drive which has logos and a few customer phone recordings to Zomato - 26 upvotes, $200
  48. [www.zomato.com] Privilege Escalation - /php/restaurant_menus_handler.php to Zomato - 25 upvotes, $200
  49. CORS Misconfiguration on www.zomato.com to Zomato - 25 upvotes, $0
  50. Attacker shall recieve order updates on whatsapp for users who have activated whatsapp notification to Zomato - 24 upvotes, $300
  51. [www.zomato.com] Abusing LocalParams to Inject Code through ███████ query to Zomato - 23 upvotes, $700
  52. Reflected XSS on developers.zomato.com to Zomato - 23 upvotes, $100
  53. Possible to enumerate Addresses of users using AddressId and guessing the delivery_subzone to Zomato - 22 upvotes, $1500
  54. HTML injection leads to reflected XSS to Zomato - 22 upvotes, $150
  55. Length extension attack leading to HTML injection to Zomato - 21 upvotes, $100
  56. Use any User to Follow you (Increase Followers) [IDOR] to Zomato - 21 upvotes, $50
  57. SQL Injection, exploitable in boolean mode to Zomato - 20 upvotes, $300
  58. [www.zomato.com] Unauthenticated access to Internal Sales Data of Zomato through an unrestricted endpoint to Zomato - 20 upvotes, $250
  59. Improper validation allows user to unlock Zomato Gold multiple times at the same restaurant within one day to Zomato - 20 upvotes, $150
  60. [www.zomato.com] Privilege Escalation - Control reviews - /████dashboard_handler.php to Zomato - 18 upvotes, $300
  61. Ability to manipulate price with a max threshold of \<1 Rupee in support rider parameter to Zomato - 17 upvotes, $150
  62. [www.zomato.com] IDOR - Delete/Deactivate any special menu of any Restaurants from Zomato to Zomato - 16 upvotes, $100
  63. Amazon S3 bucket misconfiguration (share) to Zomato - 16 upvotes, $0
  64. Free food bug done by burp suite to Zomato - 16 upvotes, $0
  65. User Profiles Leak PII in HTML Document for Mobile Browser User Agents to Zomato - 15 upvotes, $500
  66. Phishing user to download malicious app could lead to leakage of User Access Token, Email, Name and Profile photo via exported RemoteService to Zomato - 15 upvotes, $300
  67. takeover a lot of accounts to Zomato - 15 upvotes, $0
  68. Restaurant payment information leakage to Zomato - 14 upvotes, $500
  69. HTML Injection @ /[restaurant]/order endpoint. to Zomato - 14 upvotes, $150
  70. Reflected XSS on https://www.zomato.com to Zomato - 14 upvotes, $100
  71. [www.zomato.com] IDOR - Gold Subscription Details, Able to view "Membership ID" and "Validity Details" of other Users to Zomato - 14 upvotes, $100
  72. Posting to Twitter CSRF on php/post_twitter_authenticate.php to Zomato - 14 upvotes, $50
  73. [www.zomato.com] IDOR - Delete/Deactivate ANY/ALL Promos through a Post Request at clients/promoDataHandler.php to Zomato - 13 upvotes, $200
  74. Zomato.com Reflected Cross Site Scripting to Zomato - 13 upvotes, $100
  75. Instagram OAuth2 Implementation Leaks Access Token; Allows for Cross-Site Script Inclusion (XSSI) to Zomato - 13 upvotes, $0
  76. test.zba.se is vulnerable to SSL POODLE to Zomato - 13 upvotes, $0
  77. Bypass OTP verification when placing Order to Zomato - 11 upvotes, $250
  78. Unauthorized update of merchants' information via /php/merchant_details.php to Zomato - 11 upvotes, $200
  79. Bypass OTP verification when placing Order to Zomato - 10 upvotes, $0
  80. Visibility Robots.txt file to Zomato - 10 upvotes, $0
  81. Potential server misconfiguration leads to disclosure of vendor/ directory to Zomato - 10 upvotes, $0
  82. Open Redirect On Your Login Panel to Zomato - 10 upvotes, $0
  83. Sending Unlimited Emails to anyone from zomato mail server. to Zomato - 10 upvotes, $0
  84. The vulnerabilities found were XSS, Public disclosure, Network enumeration via CSRF, DLL hijacking. to Zomato - 10 upvotes, $0
  85. [Zomato's Blog] POST based XSS on https://www.zomato.com/blog/wp-admin/admin-ajax.php?td_theme_name=Newspaper&v=8.2 to Zomato - 9 upvotes, $100
  86. [www.zomato.com] Abusing LocalParams (city) to Inject SOLR query to Zomato - 9 upvotes, $100
  87. XSS onmouseover to Zomato - 9 upvotes, $0
  88. Twitter Disconnect CSRF to Zomato - 9 upvotes, $0
  89. Reflected XSS on business-blog.zomato.com - Part I to Zomato - 9 upvotes, $0
  90. Zomato Map server going out of memory while resizing map image to Zomato - 9 upvotes, $0
  91. Mathematical error found in meals for one to Zomato - 9 upvotes, $0
  92. CSRF in the "Add restaurant picture" function to Zomato - 8 upvotes, $50
  93. Stored Cross site scripting to Zomato - 8 upvotes, $0
  94. [www.zomato.com] Getting a complimentary dessert [Zomato Treats] on ordering a Meal at no cost to Zomato - 6 upvotes, $250
  95. [api.zomato.com] Abusing LocalParams (city_id) to Inject SOLR query to Zomato - 6 upvotes, $150
  96. IDOR in treat subscriptions to Zomato - 6 upvotes, $100
  97. Reflected XSS in Zomato Mobile - category parameter to Zomato - 6 upvotes, $0
  98. Bypassing the SMS sending limit for download app link. to Zomato - 6 upvotes, $0
  99. Several XSS affecting Zomato.com and developers.zomato.com to Zomato - 5 upvotes, $0
  100. CSRF AT INVITING PEOPLE THOUGH PHONE NUMBER to Zomato - 5 upvotes, $0
  101. Reflected XSS on business-blog.zomato.com - Part 2 to Zomato - 5 upvotes, $0
  102. CSRF To Like/Unlike Photos to Zomato - 5 upvotes, $0
  103. Outdated MediaElement.js Reflected Cross-Site Scripting (XSS) to Zomato - 5 upvotes, $0
  104. Subdomain Takeover to Zomato - 4 upvotes, $0
  105. Persistent input validation mail encoding vulnerability in the "just followed you" email notification. to Zomato - 4 upvotes, $0
  106. Reflected Cross-Site Scripting in www.zomato.com/php/instagram_tag_relay to Zomato - 4 upvotes, $0
  107. MailPoet Newsletters <= 2.7.2 - Authenticated Reflected Cross-Site Scripting (XSS) to Zomato - 4 upvotes, $0
  108. XSS in flashmediaelement.swf (business-blog.zomato.com) to Zomato - 4 upvotes, $0
  109. xss found in zomato to Zomato - 4 upvotes, $0
  110. CSRF AT SELECTING ZAMATO HANDLE to Zomato - 3 upvotes, $0
  111. XSS on zomato.com to Zomato - 3 upvotes, $0
  112. Clickjacking login page of http://book.zomato.com/ to Zomato - 3 upvotes, $0
  113. NexTable: Credentials exposure to Zomato - 3 upvotes, $0
  114. Clickjacking: Delete Account, Change privacy settings, Rate business, follow/unfollow (IE) to Zomato - 3 upvotes, $0
  115. Authentication Bypassing and Sensitive Information Disclosure on Verify Email Address in Registration Flow to Zomato - 2 upvotes, $0
  116. CSS to Zomato - 2 upvotes, $0
  117. URL is vulnerable to clickjacking to Zomato - 2 upvotes, $0
  118. XSS in "explore-keywords-dropdown" results. to Zomato - 2 upvotes, $0
  119. Cross Site Scripting - type Patameter to Zomato - 1 upvotes, $0
  120. Remote File Upload Vulnerability in business-blog.zomato.com to Zomato - 1 upvotes, $0
  121. Weak Password Policy to Zomato - 1 upvotes, $0
  122. XSS and CSRF in Zomato Contact form to Zomato - 1 upvotes, $0
  123. Reflected XSS on Zomato API to Zomato - 1 upvotes, $0
  124. Persistent XSS on Reservation / Booking Page to Zomato - 1 upvotes, $0
  125. Two XSS vulns in widget parameters (all_collections.php and o2.php) to Zomato - 1 upvotes, $0
  126. Unvalidated redirect on user profile website to Zomato - 1 upvotes, $0
  127. Lack of Password Confirmation for Account Deletion to Zomato - 1 upvotes, $0
  128. XSS via modified Zomato widget (res_search_widget.php) to Zomato - 0 upvotes, $0