Uber: Reflected XSS and sensitive data exposure, including payment details, on lioncityrentals.com.sg

2018-04-19T11:19:06
ID H1:340431
Type hackerone
Reporter healdb
Modified 2020-04-30T21:12:45

Description

lioncityrentals.com.sg ran a WordPress installation with an outdated version of the Formidable Forms plugin. The vulnerable plugin version allowed reflected XSS and exposed sensitive data submitted through the site's forms.

Thanks again for the report, @healdb!

This was the first bug I ever found that exposed a large amount of PII, thanks for disclosing @uber!

This bug reinforces to me that hackers should always examine microsites as well as core domains; sometimes bugs on microsites can lead to significant data exposure. In this case, lioncityrentals.com.sg was collecting data on thousands of Uber Singapore users, which was then exposed by the outdated WordPress plugin.

You can read more about the Formidable Forms vulnerability here: https://klikki.fi/adv/formidable.html

And be sure to check out my blog https://healdb.tech/blog.html for Bug Bounty tips and guides!