Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
SUBSCRIBE
Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
Zerosecurity
No Result
View All Result
Home Security

Exploit found in Uber earns researcher $10k

Kyle by Kyle
June 8, 2016
in Security, Exploits
1
Uber exploit found, $10k rewarded
75
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

Rideshare company and mobile app, Uber, fixed a vulnerability within its website that could have allowed a hacker to log into a few “.uber.com” subdomains with a non existant-password and may have led to their internal networking being compromised.

You might also like

Pompompurin of BreachForums Arrested and Charged

Plex media server seen exploited in the wild utilizing a 3 year old RCE

New TPM 2.0 exploit attackers to access or overwrite sensitive data

Uber provided Finnish security researcher Jouko Pynnönen $10,000 for identifying the exploit a month back, this is the highest bounty the company has paid out since it launched the bug bounty program earlier this year. Currently they have had 230 reports and over $340,570 in reward money paid averaging $500 to $1000 per bounty.

The exploit had two parts, reported Pynnönen, one that enabled him to circumvent the system Uber uses for employee verification, OneLogin, and an exploit which could have let an attacker take over Uber’s internal network, hosted on Atlassian’s Confluence collaboration systems.

The research said the WordPress plugin supplied by OneLogin included a bug that permitted an attacker to provide any username, email address or role they wished.

“If the username doesn’t already exist in the WordPress database, then the plugin will create a new user,” Pynnönen mentioned in the writeup on HackerOne.

Uber was fast to deal with the issues, fixing both of them in a day. Then they awarded Pynnonen with the company’s maximum bounty. The large payout was a result of the chained JavaScript source, something Uber confesses “elevates the impact” of the bug.

Tags: Bug BountyUber
Share30Tweet19
Kyle

Kyle

Co-owner, writer, and editor at ZeroSecurity. Security, Blockchain, and SEO enthusiast. "Formal education will make you a living; self-education will make you a fortune."

Recommended For You

Pompompurin of BreachForums Arrested and Charged

by Paul Anderson
March 17, 2023 - Updated on July 23, 2023
0
Pompompurin of BreachForums Arrested and Charged

On Wednesday afternoon, federal agents arrested a man in Peekskill, New York, for allegedly running a dark web data breach site known as "BreachForums." The suspect, Conor Brian...

Read more

Plex media server seen exploited in the wild utilizing a 3 year old RCE

by Kyle
March 11, 2023
0
Plex RCE responsible-for lastpass breach

CISA, the cybersecurity and infrastructure agency, has included a severe remote code execution (RCE) vulnerability in the Plex Media Server, which is nearly three years old, in its...

Read more

New TPM 2.0 exploit attackers to access or overwrite sensitive data

by Paul Anderson
March 5, 2023
0
New TPM 2.0 Exploit

Two buffer overflow vulnerabilities have been discovered in the Trusted Platform Module (TPM) 2.0 specification, which could give cybercriminals unauthorized access to or the ability to overwrite sensitive...

Read more

Stolen credit card market BidenCash leaks over 2 million credit cards

by Paul Anderson
March 3, 2023
0
Stolen credit card market BidenCash leaks over 2 million credit cards

BidenCash, a marketplace that focuses on carding, has leaked a database of 2,165,700 credit and debit cards to celebrate its first anniversary. Instead of keeping the leak a...

Read more

Google reports a rise in ransomware attacks

by Paul Anderson
July 15, 2022
0
Google reports a rise in ransomware attacks

In the 3rd issue of the recently released, Threat Horizons, Google's Cybersecurity Action Team (GCAT) provides organizations with information about emerging risks and actionable mitigation. Bad actors have...

Read more
Next Post
Angler Exploit Kit remains undetected

Angler Exploit Kit remains undetected

Related News

Emotet now utilizing Onenote for its spam campaigns

Emotet now utilizing Onenote for its spam campaigns

March 26, 2023
ChipMixer platform tied to crypto laundering scheme – seized by authorities

ChipMixer platform tied to crypto laundering scheme – seized by authorities

March 17, 2023
NSA intercepting U.S. Routers

NSA intercepting U.S. Routers

June 6, 2014 - Updated on March 17, 2023
Zerosecurity

We cover the latest in Information Security & Blockchain news, as well as threat trends targeting both sectors.

Categories

  • Crypto
  • Data Breaches
  • DotNet Framework
  • Downloads
  • Exploits
  • Exploits
  • Information
  • Legal
  • Malware
  • Malware Analysis
  • Mobile Security
  • Paper Downloads
  • Piracy
  • Privacy
  • Programming
  • Public
  • Security
  • Security
  • Software & Service Reviews
  • Technology
  • Tools
  • Tutorials
  • Video Tutorials
  • Whitepapers
  • Zero Security
  • Contact Us
  • List of our Writers

© 2022 ZeroSecurity, All Rights Reserved.

No Result
View All Result
  • Home
  • Security
  • Exploits
  • Data Breaches
  • Malware
  • Privacy
  • Mobile Security
  • Tools
  • Contact Us
  • Privacy Policy

© 2022 ZeroSecurity, All Rights Reserved.