EUVD-2017-7409
Malware in sbrugna...
Zomato: OTP Bypass via Response Manipulation
OTP (One-Time Password) bypass via response manipulation is a technique where an attacker intercepts and alters the server's response to bypass the OTP verification step. Response Manipulation: The attacker manipulates the server's response. For example, they might change a response indicating OTP...
Malicious Package
Overview zomato-ui is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
MAL-2022-7411 Malicious code in zomato-ui (npm)
Source: ghsa-malware 60445d8fccd3c824c3ba2594e839f7c6a8a2c1c798879fe0509ab73b7c58481d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Zomato: Race condition in User comments Likes
The researcher found a race condition that could be used to artificially inflate the upvotes of user comments in the restaurant's review section...
send.zomato.com Open Redirect vulnerability OBB-2283580
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Zomato: Add upto 10K rupees to a wallet by paying an arbitrary amount
| Timestamp | Action |
|----------|:-------------:|
| Wed, 24 Nov 2021, 11:24 IST | Received the report |
| Wed, 24 Nov 2021, 11:25 IST | Validation and analysis of issue initiated |
| Wed, 24 Nov 2021, 11:28 IST | Vulnerability reported to the respective Internal Team |
| Wed, 24 Nov 2021, 11:36... | |
Zomato: Subdomain takeover of fr1.vpn.zomans.com
Summary fr1.vpn.zomans.com points to an AWS EC2 instance at 52.47.57.107 that no longer exists. I was able to take control of this IP address and run my own EC2 instance. I can now serve content on this domain, obtain a TLS certificate for this domain, etc. If any customers or servers are pointin...
Zomato: subdomain takeover on fddkim.zomato.com
Our subdomain fddkim.zomato.com was vulnerable to a 0-day subdomain takeover vulnerability on Freshdesk. The DNS entry was removed on our end to fix this. Writeup "How I hacked thousand of subdomains": https://medium.com/@moSec/how-i-hacked-thousand-of-subdomains-6aa43b92282c...
Zomato: [api.zomato.com] Abusing LocalParams (city_id) to Inject SOLR query
Disclosing it as per the request from @zzzhacker13. This report is identical to 844428 but this one was on a different endpoint. POC - - :v2/red/homepage.json?lat=&lon=&cityid=!dismax+df=cityid86&androidcountry=US&lang=en&androidlanguage=en Zomato Security Team...
Zomato: Solr Injection in `user_id` parameter at :/v2/leaderboard_v2.json
@zzzhacker13 identified a Solr Injection on the `user_id` parameter at :/v2/leaderboard_v2.json. Our team analyzed internally and found that only fq= injection was possible on the Solr endpoint, hence the Solr injection was of low impact since there was no way to escalate it to exfiltrate data, one...
Zomato: Lack of Password Confirmation for Account Deletion
Description: The issue in the Zomato Android application is that the user account can be deleted without confirming the user's password or re-authenticating. Account removal is one of the sensitive parts of any application that needs protection; therefore removing an account should validate the...
Zomato: Availing Zomato gold by using a random third-party `wallet_id`
We received a report from @pandaaaa wherein he demonstrated a way to avail Zomato Gold membership using random Zomato User's wallet. The report was triaged and rewarded with critical severity with a CVSS score of 9.3. It was considered critical since a random user's wallet could have been used fo...
Zomato: Ability to manipulate price with a max threshold of `<1 Rupee` in support rider parameter
Hi Team, I have found an issue in the support rider amount calculation at the time of checkout, where the amount is tamperable by a negative fraction of rupees, which makes the total amount decrease by a maximum of 1 Rs. POC: 1. Go to zomato.com. 2. Add anything to your cart. 3. At the checkout page, add...
Zomato: The vulnerabilities found were XSS, Public disclosure, Network enumeration via CSRF, DLL hijacking.
Summary: IP found using the ping command: 52.77.124.190. Then I used the nmap tool to find in-depth information. I used Burp Suite and a DNS scanner, but it was not fruitful. Then I explored some GitHub repositories to perform thorough web-application testing. Using Aquatone I found some hidden domains. Th...
Zomato: [www.zomato.com] Abusing LocalParams (city) to Inject SOLR query
Hi Team! I found a limited SOLR injection by abusing LocalParams `city` in /webapi/searchapi.php; therefore, please respect my decision to mark this report as Medium instead of High, based on the fact that the code is vulnerable even if it's hard to exploit. - Request adding a single backslash: http GET...
Zomato: [www.zomato.com] Blind SQL Injection in /php/geto2banner
Hi Team! Our team discovered a Blind SQL Injection by abusing LocalParams `resid` in /php/geto2banner. We are working to create a full PDF report as a write-up; here is a temporary exploit based on the vulnerable request: POST /php/geto2banner HTTP/1.1 Host: www.zomato.com Connection: close...
Zomato: [www.zomato.com] Blind SQL Injection in /php/widgets_handler.php
Disclosing it as per the request from @zzzhacker13. This report is identical to 838855 but it was just on a different endpoint. POC: /php/widgets_handler.php?method=getResWidgetButton&resid=51-CASE//WHENLENGTHversion=10THENSLEEP61END Zomato Security Team...
Zomato: Mathematical error found in meals for one
Wrong calculation is done by the...