The CEO/Founder of AppSecure, Forbes 30 under 30 - 2017, Bug Bounty Hunter, Ex-Flipkart
This post is about an account takeover vulnerability on Uber which allowed attackers to take over any other user’s Uber account (including rider, partner, and Eats accounts) by supplying the user’s UUID in the API request and using the token leaked in the API response to hijack the account.
The vulnerabilities mentioned in this blog post were plugged quickly by the engineering teams of Facebook and Tinder.
This post is about a simple vulnerability we discovered on Facebook which we could have used to hack into other users’ Facebook accounts easily and without any user interaction.
This post is about a critical bug on Uber which could have been used by hackers to get unlimited free Uber rides anywhere in the world. This post also explains a few best practices for integrating payment gateways.