Skip to main content

Earn upto $10000 per Bug you find in Uber

Earn upto $10000 per issue you find in Uber
Uber Bug Bounty Program
Uber is committed to protect its users in all the possible ways. Uber is securing its technology on all fronts. Uber recently closes one bounty program which was open to limited number of security researchers in US.

Now Uber have opened its bug hunter program to all individuals. Uber is ready to pay $10,000 per genuine issue. They have certain criteria for deciding the bounty value but it all will be worth for it.

What type of vulnerabilities is Uber looking for?

Uber is looking for any vulnerability which could negatively affect the security of its users.
The main categories of vulnerabilities that uber look for are the following:

  • Cross-site Scripting (XSS)
  • Cross-site Request Forgery
  • Server-Side Request Forgery (SSRF)
  • SQL Injection
  • Server-side Remote Code Execution (RCE)
  • XML External Entity Attacks (XXE)
  • Open Redirect Vulnerabilities
  • Access Control Issues (Insecure Direct Object Reference issues, etc)
  • Exposed Administrative Panels that don't require login credentials
  • Directory Traversal Issues
  • Local File Disclosure (LFD)
  • Information Disclosure of Sensitive Information (such as system configurations, user data, etc)
  • Publicly accessible login panels

Please note that if a vulnerability (such as XSS) only affects a small population, e.g. a browser with a low usage percentage, the reward will be determined accordingly. Vulnerabilities that exist only in antiquated browsers such as Internet Explorer 8 for example, are not in scope.

Bounty Payout Range

Critical issues ($10,000) - Remote code execution on a production server. Exposure of information that identifies individuals (social security numbers, credit card numbers, bank account numbers, driver license images) Full account takeover of rider/partner account without interaction. Payment or partner invoice information exposure at scale. Potential access to source code. XSS in Toolshed (our internal account management system), or server-side request forgery (SSRF). Vulnerabilities leading to the compromise of an employee account (with a way to bypass two-factor).

Significant Issues ($5,000) - Stored Cross-site Scripting which can cause significant brand damage (e.g. in a homepage), missing authorization checks leading to the exposure of email addresses, date of birth, names, phone numbers, etc.

Medium Issues ($3,000) - Reflected Cross-site Scripting (XSS), most Cross-site Request Forgery (CSRF) issues, access control issues which do not exposed PII but affect other accounts, rate limiting issues, account validation bypasses (being able to change driver picture, etc). Any vulnerability which allows the bulk lookup of user UUIDs (e.g. turn an auto-incrementing ID into a UUID, turn an email into a UUID).

Read more about Bug bounty program

Most important links to check next ...
Still looking for ideas: 7 ways to save money while shopping online 

Popular posts from this blog

Best Uber First ride free promo code valid worldwide provides latest, verified uber promo code for sign up with first free ride worldwide. You will get free ride worth as per your current city only such as $20, £ 15, 3 ride worth Rs 75 each for India etc. Uber mobile app detects device location automatically.

उबेर प्रोमो कोड | अधिकृत, सत्यापित छूट का कूपन | आपकी पहली ट्रिप मुफ़्त है (जानकारी हिंदी भाषा में )

How to Re-authorize or unlink paytm with Uber India App

Having and active Uber and Paytm account is good, but if something goes wrong from either Uber or paytm side, you the customer suffers a lot. You can't book your ride back home, you can't book ride to airport, railway station. It becomes annoying to have such messy technical app. We cannot predict what may happen in future but we may be ready with some preparation.

Uber does all account sweep for security measures from time to time, if it finds any suspicion, it blocks account, put hold on booking a ride, asks for re-verification of ID or payment method. Recently Paytm was hacked and some hacker were able to make payment in paytm from some other account, hance Uber took security measure and put hold on some accounts.

The above image shows Merchants Authorized by you (Screenshot updated), where you can see Uber if you have already added paytm with uber.
How to Re-authorize or unlink paytm with Uber India AppLogin to paytm account on website or register paytmNavigate to Mercha…

How can you regain access of your Uber account once it's disabled?

Update: Banned account is a pain, I have many friends who got locked out form Uber due to suspicious activity, some got their account enabled again after some conversation with Uber support and mostly are banned for life. Here is one scenario when you account may get banned. Read this story till end to get the idea.

Q. How can you regain access of your Uber account once it's disabled?

Recently uber had this scheme of "refer someone, that refferal gets 600 credits and you get 600 when he makes his/her first ride".

I made many people join , though all refferals were real and accounts were created with their permission and presence but all accounts were created from my phone .

I earned many credits. But soon my account was closed down.
Now whenever I try logging in from any acount in my phone  it gets banned within few minutes.

Is there any solution or any hack to avoid this and get my acount back ? I still have 5k credits left in my account and I desperately want it.