Uber: Hack us and we’ll give you up to $10,000

By: Unknown on 1:04 AM

Share it Please

Tweet

Today, Uber — the site with a bit of an image problem when it comes to security — opened the doors on its bug bounty program and promised payouts of up to $10,000.

The program has very specific examples of what qualifies for a reward, such as cross-site scripting (XSS), SQL injection, server-side remote code execution (RCE) and others. You can find what it it is, and isn’t, looking for here. Or, you can peruse the company’s blog post for information about specific technologies in use across several Uber Web properties, including:

• https://*.uber.com/
• https://*.dev.uber.com/
• http://petition.uber.org
• http://ubermovement.com
• iPhone Rider Application
• iPhone Partner Application
• Android Rider Application
• Android Partner Application

If you find a bug, you'll be paid $3,000 to $10,000 for issues for one of the items on its hit list, or you'll get a nice firm pat on the back if you find an issue related to fraud, as Uber isn't currently rewarding those who find fraud issues.