Grab Bug Bounty Program Statistics | BugBountyHunter.com

Grab Program Statistics

19 total issues disclosed

$34,301 total paid publicly

Most disclosed (4 disclosures) — Information Disclosure

Disclosed Reports

Show entries

Search:

Report Title	Vulnerability Type	Disclosed By	Severity	Disclosed on
Subdomain Takeover Via Insecure CloudFront Distribution cdn.grab.com	Array Index Underflow	todayisnew	Medium	2021-02-24
[Grab Android/iOS] Insecure deeplink leads to sensitive information disclosure	Cross-site Scripting (XSS) - Generic	bagipro	High	2019-03-16
[growth.grab.com] Reflected XSS via Base64-encoded "q" param on "my.html" Valentine's microsite	Cross-site Scripting (XSS) - Reflected	ysx	Medium	2018-03-02
[parcel.grab.com] DOM XSS at /assets/bower_components/lodash/perf/	Cross-site Scripting (XSS) - DOM	vagg-a-bond	Medium	2017-08-16
Access Grab_Road BigData Database via Open Presto coordinator	Information Disclosure	vinothkumar	Critical	2017-11-30
Authorization bypass using login by phone option+horizontal escalation possible on Grab Android App	Improper Authentication - Generic	sp1d3rs	High	2017-09-14
Blind stored xss [parcel.grab.com] > name parameter	Cross-site Scripting (XSS) - Stored	paresh_parmar	Critical	2017-09-14
CSV Injection https://hub.grab.com	Command Injection - Generic	poison	Medium	2017-10-27
Dom based xss affecting all pages from https://www.grab.com/.	Cross-site Scripting (XSS) - DOM	netfuzzer	Medium	2017-08-17
Git repository found	Information Disclosure	linkks	High	2017-08-13
Leak ██████████ information in real time through API request	Improper Authentication - Generic	severus	High	2018-02-03
Leaking sensitive information on Github lead full access to all Grab Slack channels	Information Disclosure	xsam	Critical	2018-09-11
Private Grab Messages on Android App can be accessed and cached by Search Engines	None supplied	sp1d3rs	Medium	2017-09-14
Registration enabled on ███grab.com	Information Disclosure	grouptherapy	Medium	2018-02-28
stored xss in comments : driver exam	Cross-site Scripting (XSS) - Generic	paresh_parmar	Medium	2017-11-30
Two-factor authentication bypass on Grab Android App	Improper Authentication - Generic	sp1d3rs	Medium	2017-09-12
Unrestricted access to Eureka server on ██████	Improper Access Control - Generic	reptou	Medium	2018-02-06
Unrestricted access to https://██████.█████myteksi.net/	Improper Access Control - Generic	reptou	Medium	2018-02-12
www.drivegrab.com SQL injection	SQL Injection	jouko	High	2017-11-17

Showing 1 to 19 of 19 entries