Bykea: Lack of minimum value bid wheel verification on customer_bid in Rental Trips

A missing validation on the customerbid field when creating rental trips allowed passengers to submit arbitrary bid amounts, including very low fares. Proper validation was added to prevent unrealistic values...

Bykea: Lack of Feedback Validation Permits Arbitrary Driver Ratings

The vulnerability discovered by @bugbountywithmarco in Bykea's feedback system allowed authenticated passengers to submit feedback for drivers they had not actually ridden with. The exploit was limited to trips the attacker legitimately owned, and each trip could only affect one driver rating at ...

Malicious code in bykea (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-1855 Malicious code in bykea (npm)

--- -= Per source details. Do not edit below this line.=-...

Bykea: Broken Access Control (IDOR) in Booking Detail and Bids Could Leads to Sensitive Information Disclosure

The report identified a vulnerability in the Bykea application's booking detail and bids endpoints that could lead to the disclosure of sensitive information. The vulnerable endpoints allowed an attacker to access the booking details, bids information, and bids configuration of other users by...

BYKEA data breach: Pakistani ride-hailing app exposed 400m records

By Waqas According to researchers, BYKEA's 200 GB worth of database was exposed on an Elasticsearch server. This is a post from HackRead.com Read the original post: BYKEA data breach: Pakistani ride-hailing app exposed 400m records...

Hackers delete Bykea database, company avoids data loss due to backups

By Waqas Muneeb Maayr of Bykea confirmed that their services were affected. This is a post from HackRead.com Read the original post: Hackers delete Bykea database, company avoids data loss due to backups...