Malicious code in zomato-sushi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f631d7af366bbb607f9088550a64939e395d0ce1199777828269de5772d860c package.json declares a preinstall script that runs curl with form-encoded fields carrying the installer's hostname hostname -f, whoami, current...

MAL-2026-6254 Malicious code in zomato-sushi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f631d7af366bbb607f9088550a64939e395d0ce1199777828269de5772d860c package.json declares a preinstall script that runs curl with form-encoded fields carrying the installer's hostname hostname -f, whoami, current...

Malicious code in zomato-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3dccb8b8b32337c2a257a763c273e03367ec07c904b5db0c07dbf514d546709d On npm install, the package's preinstall lifecycle script in package.json runs curl to POST the installer's hostname, current user whoami, working...

MAL-2026-6252 Malicious code in zomato-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3dccb8b8b32337c2a257a763c273e03367ec07c904b5db0c07dbf514d546709d On npm install, the package's preinstall lifecycle script in package.json runs curl to POST the installer's hostname, current user whoami, working...

MAL-2026-6253 Malicious code in zomato-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0a12373009dd17131e45f4d20570904f2b8074367ee8b121e60a3ce5764fa00 The package's package.json declares a preinstall lifecycle hook that runs curl to POST the installer's hostname, whoami, current working directory, a...

Malicious code in zomato-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0a12373009dd17131e45f4d20570904f2b8074367ee8b121e60a3ce5764fa00 The package's package.json declares a preinstall lifecycle hook that runs curl to POST the installer's hostname, whoami, current working directory, a...

Malicious code in zomato-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a1b48a397992964f8f3982dc69a33431bfb26c911c29a1e5d124581cef46a40 Dependency-confusion package targeting an internal Zomato namespace. The package ships only a stub index.js module.exports = name: 'zomato-config',...

MAL-2026-6251 Malicious code in zomato-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a1b48a397992964f8f3982dc69a33431bfb26c911c29a1e5d124581cef46a40 Dependency-confusion package targeting an internal Zomato namespace. The package ships only a stub index.js module.exports = name: 'zomato-config',...

EUVD-2017-7409

Malware in sbrugna...

Zomato: OTP Bypass via Response Manipulation

OTP One-Time Password bypass via response manipulation is a technique where an attacker intercepts and alters the server's response to bypass the OTP verification step. Response Manipulation: The attacker manipulates the server's response. For example, they might change a response indicating OTP...

Malicious Package

Overview zomato-ui is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

MAL-2022-7411 Malicious code in zomato-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60445d8fccd3c824c3ba2594e839f7c6a8a2c1c798879fe0509ab73b7c58481d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in zomato-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60445d8fccd3c824c3ba2594e839f7c6a8a2c1c798879fe0509ab73b7c58481d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Zomato: Race condition in User comments Likes

The researcher found a Race Condition to artificially inflate the upvotes of user comments in the Restaurant's review section...

send.zomato.com Open Redirect vulnerability OBB-2283580

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Zomato: Add upto 10K rupees to a wallet by paying an arbitrary amount

| TimeStamp | Action | |----------|:-------------:| | Wed, 24 Nov 2021, 11:24 IST | Received the report | | Wed, 24 Nov 2021, 11:25 IST | Validation and analysis of issue initiated | | Wed, 24 Nov 2021, 11:28 IST | Vulnerability reported to the respective Internal Team | | Wed, 24 Nov 2021, 11:36...

Zomato: Subdomain takeover of fr1.vpn.zomans.com

Summary fr1.vpn.zomans.com points to an AWS EC2 instance at 52.47.57.107 that no longer exists. I was able to take control of this IP address and run my own EC2 instance. I can now serve content on this domain, obtain a TLS certificate for this domain, etc. If any customers or servers are pointin...

Zomato: subdomain takeover on fddkim.zomato.com

Our subdomain fddkim.zomato.com was vulnerable to a 0-day subdomain takeover vulnerability on Freshdesk. The DNS entry was removed on our end to fix this. HOW I hacked thousand of subdomains writeup--https://medium.com/@moSec/how-i-hacked-thousand-of-subdomains-6aa43b92282c...

Zomato: [api.zomato.com] Abusing LocalParams (city_id) to Inject SOLR query

Disclosing it as per the request from @zzzhacker13. This report is identical to 844428 but this one was on a different endpoint. POC - - :v2/red/homepage.json?lat=&lon=&cityid=!dismax+df=cityid86&androidcountry=US&lang=en&androidlanguage=en Zomato Security Team...

Zomato: Solr Injection in `user_id` parameter at :/v2/leaderboard_v2.json

@zzzhacker13 identified a Solr Injection on the userid parameter at :/v2/leaderboardv2.json. Our team analyzed internally and found that only fq=injection was possible on the Solr endpoint, hence the Solr injection was of low impact since there was no way to escalate it to exfiltrate data, one...