
Earn up to $10000 per Bug you find in Uber

Uber Bug Bounty Program
Uber is committed to protecting its users in every possible way and is securing its technology on all fronts. Uber recently closed a bounty program that was open to a limited number of security researchers in the US.

Now Uber has opened its bug hunter program to all individuals. Uber is ready to pay $10,000 per genuine issue. It has certain criteria for deciding the bounty value, but it will be worth it.

What type of vulnerabilities is Uber looking for?

Uber is looking for any vulnerability which could negatively affect the security of its users.
The main categories of vulnerabilities that Uber looks for are the following:

  • Cross-site Scripting (XSS)
  • Cross-site Request Forgery
  • Server-Side Request Forgery (SSRF)
  • SQL Injection
  • Server-side Remote Code Execution (RCE)
  • XML External Entity Attacks (XXE)
  • Open Redirect Vulnerabilities
  • Access Control Issues (Insecure Direct Object Reference issues, etc)
  • Exposed Administrative Panels that don't require login credentials
  • Directory Traversal Issues
  • Local File Disclosure (LFD)
  • Information Disclosure of Sensitive Information (such as system configurations, user data, etc)
  • Publicly accessible login panels

Please note that if a vulnerability (such as XSS) only affects a small population, e.g. a browser with a low usage percentage, the reward will be determined accordingly. Vulnerabilities that exist only in antiquated browsers such as Internet Explorer 8 for example, are not in scope.

Bounty Payout Range

Critical issues ($10,000) - Remote code execution on a production server. Exposure of information that identifies individuals (social security numbers, credit card numbers, bank account numbers, driver license images). Full account takeover of rider/partner account without interaction. Payment or partner invoice information exposure at scale. Potential access to source code. XSS in Toolshed (our internal account management system), or server-side request forgery (SSRF). Vulnerabilities leading to the compromise of an employee account (with a way to bypass two-factor).

Significant Issues ($5,000) - Stored Cross-site Scripting which can cause significant brand damage (e.g. in a homepage), missing authorization checks leading to the exposure of email addresses, date of birth, names, phone numbers, etc.

Medium Issues ($3,000) - Reflected Cross-site Scripting (XSS), most Cross-site Request Forgery (CSRF) issues, access control issues which do not expose PII but affect other accounts, rate limiting issues, account validation bypasses (being able to change driver picture, etc). Any vulnerability which allows the bulk lookup of user UUIDs (e.g. turn an auto-incrementing ID into a UUID, turn an email into a UUID).
