Forwarded from Bug Bounty Channel
Hacktivity from maxdha
https://hackerone.com/reports/2014955
Disclosed at: 2024-04-11 09:01:27 UTC+0
Created at: 2023-06-06 17:18:15 UTC+0
\#1 XSS on watchdocs\.indriverapp\.com
https://hackerone.com/reports/2014955
Disclosed at: 2024-04-11 09:01:27 UTC+0
Created at: 2023-06-06 17:18:15 UTC+0
HackerOne
inDrive disclosed on HackerOne: #1 XSS on watchdocs.indriverapp.com
And subscribe to our telegram channel with updates https://t.me/indrive_bbp
Forwarded from Bug Bounty Channel
Hacktivity from maxdha
https://hackerone.com/reports/2015074
Disclosed at: 2024-04-11 08:33:21 UTC+0
Created at: 2023-06-06 20:12:30 UTC+0
\#2 XSS on watchdocs\.indriverapp\.com
https://hackerone.com/reports/2015074
Disclosed at: 2024-04-11 08:33:21 UTC+0
Created at: 2023-06-06 20:12:30 UTC+0
HackerOne
inDrive disclosed on HackerOne: #2 XSS on watchdocs.indriverapp.com
And subscribe to our telegram channel with updates https://t.me/indrive_bbp
Forwarded from Bug Bounty Channel
Hacktivity from maxdha
https://hackerone.com/reports/2028265
Disclosed at: 2024-04-11 08:33:03 UTC+0
Created at: 2023-06-16 01:50:00 UTC+0
\#3 XSS on watchdocs\.indriverapp\.com
https://hackerone.com/reports/2028265
Disclosed at: 2024-04-11 08:33:03 UTC+0
Created at: 2023-06-16 01:50:00 UTC+0
HackerOne
inDrive disclosed on HackerOne: #3 XSS on watchdocs.indriverapp.com
And subscribe to our telegram channel with updates https://t.me/indrive_bbp
Hello, security researchers!
We are happy to announce a new feature - authentication via Google, as well as a new campaign. Details can be found here! Good luck hunting.
Best wishes,
InDrive Security Team.
We are happy to announce a new feature - authentication via Google, as well as a new campaign. Details can be found here! Good luck hunting.
Best wishes,
InDrive Security Team.
inDrive Bug Bounty Updates pinned «Hello, security researchers! We are happy to announce a new feature - authentication via Google, as well as a new campaign. Details can be found here! Good luck hunting. Best wishes, InDrive Security Team.»
Hi, could you please take a quick survey.
Which bugbounty site do you prefer?
Which bugbounty site do you prefer?
Anonymous Poll
75%
HackerOne
15%
Bugcrowd
3%
Integrity
2%
YesWeHack
5%
Other
inDrive Bug Bounty Updates
Hello, security researchers! We are happy to announce a new feature - authentication via Google, as well as a new campaign. Details can be found here! Good luck hunting. Best wishes, InDrive Security Team.
Results of the last campaign which lasted from June 17 to July 17, 2024.
Total reports received: 264
Valid reports: 29
Total payouts: $8,565.00
Stay tuned for updates so you don't miss out on the next campaigns. Have a great day and good hunting.
Best wishes,
InDrive Security Team.
Total reports received: 264
Valid reports: 29
Total payouts: $8,565.00
Stay tuned for updates so you don't miss out on the next campaigns. Have a great day and good hunting.
Best wishes,
InDrive Security Team.
Hello, security researchers!
We have launched a new promotion, in the next few weeks all prices from our pay table will be increased by 1.25. Details can be found here! Good luck hunting.
Best wishes,
InDrive Security Team.
We have launched a new promotion, in the next few weeks all prices from our pay table will be increased by 1.25. Details can be found here! Good luck hunting.
Best wishes,
InDrive Security Team.
HackerOne
inDrive - Bug Bounty Program | HackerOne
The inDrive Bug Bounty Program enlists the help of the hacker community at HackerOne to make inDrive more secure. HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally…
inDrive Bug Bounty Updates pinned «Hello, security researchers! We have launched a new promotion, in the next few weeks all prices from our pay table will be increased by 1.25. Details can be found here! Good luck hunting. Best wishes, InDrive Security Team.»
api_methods.csv
186.7 KB
Hello, security researchers!
I hope this message catches you in good health. In the attachment you will find a CSV file containing a list of endpoints to scan. The file contains the following columns:
Method: the HTTP method used for the request (e.g. GET, POST).
Hostname: The domain name of the server to which the requests are being made.
URL: The full URL of the endpoint.
NOTE: If you get a 410 Gone response status when accessing an endpoint, then you are trying to access the wrong region. For example, no-cf.<region>.aws.indriverapp.com returns 410, try changing regions.
List of regions: africa.afso1, cis.euce1, eu.euce1, euce1, fr1.baremetal, global, latam-br.saea1, latam-co. saea1, latam-mx.saea1, latam-mx.usea1, latam-pe.saea1, latam.saea1, mena-eg.meso1, mena.meso1, sa-in.apso1, sa.apso1, sea.apse3, usa.usea2
We hope you can use this information to analyze the security of these endpoints in more detail. Good luck hunting.
Best wishes,
InDrive Security Team.
I hope this message catches you in good health. In the attachment you will find a CSV file containing a list of endpoints to scan. The file contains the following columns:
Method: the HTTP method used for the request (e.g. GET, POST).
Hostname: The domain name of the server to which the requests are being made.
URL: The full URL of the endpoint.
NOTE: If you get a 410 Gone response status when accessing an endpoint, then you are trying to access the wrong region. For example, no-cf.<region>.aws.indriverapp.com returns 410, try changing regions.
List of regions: africa.afso1, cis.euce1, eu.euce1, euce1, fr1.baremetal, global, latam-br.saea1, latam-co. saea1, latam-mx.saea1, latam-mx.usea1, latam-pe.saea1, latam.saea1, mena-eg.meso1, mena.meso1, sa-in.apso1, sa.apso1, sea.apse3, usa.usea2
We hope you can use this information to analyze the security of these endpoints in more detail. Good luck hunting.
Best wishes,
InDrive Security Team.
Subdomains.csv
4 KB
Hello security researchers,
We are attaching a list of subdomains for in-depth vulnerability analysis. We hope this information will be useful for you.
Good luck hunting.
Best wishes,
InDrive Security Team.
We are attaching a list of subdomains for in-depth vulnerability analysis. We hope this information will be useful for you.
Good luck hunting.
Best wishes,
InDrive Security Team.
Subdomains_ext.csv
5.5 KB
Hello security researchers,
New subdomain package.
Good luck hunting.
Best wishes,
InDrive Security Team.
New subdomain package.
Good luck hunting.
Best wishes,
InDrive Security Team.
The Journey of Launching a Bug Bounty Program
In the article “Strengthening Cybersecurity: Breaking Down inDrive’s Bug Bounty Program”, I dive into how we launched and developed our bug bounty program, collaborated with white hat hackers to identify vulnerabilities, optimized security processes, and fostered a culture focused on data protection.
Read the Article:
- On HackerNoon
- On Medium
This publication is the result of the collective efforts of our entire information security team. Please share the links, leave your comments, and help us spread the word about our achievements.
Together, let’s make inDrive a safer place!
Best wishes,
InDrive Security Team.
In the article “Strengthening Cybersecurity: Breaking Down inDrive’s Bug Bounty Program”, I dive into how we launched and developed our bug bounty program, collaborated with white hat hackers to identify vulnerabilities, optimized security processes, and fostered a culture focused on data protection.
Read the Article:
- On HackerNoon
- On Medium
This publication is the result of the collective efforts of our entire information security team. Please share the links, leave your comments, and help us spread the word about our achievements.
Together, let’s make inDrive a safer place!
Best wishes,
InDrive Security Team.
Hackernoon
Strengthening Cybersecurity: Breaking Down inDrive’s Bug Bounty Program
Learn how inDrive's bug bounty program strengthens cybersecurity by collaborating with white hat hackers to detect vulnerabilities and optimize security process
Hello, security researchers!
We have launched a new promotion, in the next few weeks all prices from our pay table will be increased by 1.5. Details can be found here! Good luck hunting.
Best wishes,
InDrive Security Team.
We have launched a new promotion, in the next few weeks all prices from our pay table will be increased by 1.5. Details can be found here! Good luck hunting.
Best wishes,
InDrive Security Team.
HackerOne
inDrive - Bug Bounty Program | HackerOne
The inDrive Bug Bounty Program enlists the help of the hacker community at HackerOne to make inDrive more secure. HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally…
Hello, security researchers!
We have launched a new campaign, in the next few weeks all prices from our pay table will be increased by 1.5. Details can be found here! Good luck hunting.
Best wishes,
InDrive Security Team.
We have launched a new campaign, in the next few weeks all prices from our pay table will be increased by 1.5. Details can be found here! Good luck hunting.
Best wishes,
InDrive Security Team.
HackerOne
inDrive - Bug Bounty Program | HackerOne
The inDrive Bug Bounty Program enlists the help of the hacker community at HackerOne to make inDrive more secure. HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally…
inDrive Bug Bounty Updates pinned «Hello, security researchers! We have launched a new campaign, in the next few weeks all prices from our pay table will be increased by 1.5. Details can be found here! Good luck hunting. Best wishes, InDrive Security Team.»