Now that the Uber bug bounty programme has launched publicly, I can publish some of my favourite submissions, which I’ve been itching to do over the past year. This is part one of maybe two or three posts.
On Uber’s Partners portal, where Drivers can login and update their details, I found a very simple, classic XSS: changing the value of one of...