As soon as i read the vulnerability disclosed on h1 regarding Possibility to brute force invite codes in riders.uber.com "https://hackerone.com/reports/125505" .
I have found similar & easy way to bruteforce invite codes but in different manner .
Also, 1680 public invites are waiting for exploitation .
It was possible to bruteforce the invite codes for unlimited times during my test , making invite codes vulnerable to rate-limiting vulnerability & an attacker can gain free rides with that code .
To summarize the issue , I have included a POC .
 Go to https://get.uber.com/drive/?invite_code=xez7rgs2u  You will be redirected to https://partners.uber.com/join/?invite_code=xez7rgs2u  You will see , ISAAC sent you $100
To claim your reward, sign up to drive today.  Now , again go to , https://get.uber.com/drive/?invite_code=rlior&signup_source=facebook_timeline  You will be redirected to https://partners.uber.com/join/?invite_code=rlior&signup_source=facebook_timeline  You will see , PHILLIP invited you to make money with your car.
To claim your reward, sign up to drive today.
 I didn't claim above reward but it is of $300 value , which can be known , if you search inurl:https://get.uber.com/drive/?invite_code= in Google.  Now , again go to https://partners.uber.com/join/?invite_code=jjjjzk  You will see , Uber needs partners like you.  Bruteforce is easy ;
A rule for detection of following text based bruteforce in response can added in burp suite Intruder > Options > Grep Match .
Valid Codes -  Conatains <h1 class="flush--bottom"> ... sent you $100</h1> Invalid Codes -  Contains <h1>Uber needs partners like you.</h1> Valid but not sure of $ value - Contains <h1 class="flush--bottom"> .... invited you to make money with your car.</h1>
Another devastating thing i have found here is 1680 invite codes are already public in Google , which if an attacker uses he can ride with Uber always for free with invites codes / new account .
Block url invite_code=.... in robots.txt & remove that from Google search results as well .
POC :- Google site:uber.com inurl:?invite_code=
Screenshots uber1 & uber2 attached .
I didn't used any of the invite codes .