Shipt


reports in last 90 days

8 disclosed resolved issues

0 disclosed informative issues

0 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| Medium | Slack token leaking in stackoverflow and devtimes | Cleartext Storage of Sensitive Information | streaak | Time to triage: 0 Days and 0 hours; Time to close: 0 Days and 0 hours | Resolved |
| Low | Price manipulation via fraction values (Parameter Tampering) | None supplied | codeslayer137 | Time to triage: 1 Days and 3 hours; Time to close: 220 Days and 17 hours | Resolved |
| Low | Sensitive Clickjacking on admin login page. | UI Redressing (Clickjacking) | mdspr99 | Time to triage: 1 Days and 10 hours; Time to close: 232 Days and 11 hours | Resolved |
| Medium | Multiple Subdomain Takeovers: fly.staging.shipt.com, fly.us-west-2.staging.shipt.com, fly.us-east-1.staging.shipt.com | Reliance on Reverse DNS Resolution for a Security-Critical Action | mubassirpatel | Time to triage: 0 Days and 2 hours; Time to close: 3 Days and 4 hours | Resolved |
| Low | Any user can completely delete their own account without authorization and/or going through any kind of membership cancellation protocol. | Improper Access Control - Generic | s3cur3 | Issue was not triaged; Time to close: 164 Days and 1 hours | Resolved |
| Medium | Subdomain takeover at segway.shipt.com | None supplied | plenum | Time to triage: 0 Days and 6 hours; Time to close: 0 Days and 3 hours | Resolved |
| High | Subdomain Takeover at test.shipt.com | None supplied | m7mdharoun | Time to triage: 0 Days and 15 hours; Time to close: 0 Days and 0 hours | Resolved |
| None | Open redirect on marketing site | Open Redirect | robd4k | Time to triage: 2 Days and 13 hours; Time to close: 385 Days and 1 hours | Resolved |