Story Of Hacking Grab And How I Got 10000$ From Grab (Hackerone)

A security guy with 5+ years of experience in web application and mobile pen-testing. My work has been acknowledged across the globe. I have worked with 300+ companies to secure them.
I did not get permission to blog about the whole POC, so I will just be throwing some hints here.
Basically, I was able to bypass Grab Food’s payment mechanism, and it was a serious issue. Imagine ordering food for free: no more business for Grab. So it was closed as a very severe bug, and because of its impact Grab was kind of forced to shut down the entire service for it. They paid 10000$ upon verifying the issue and another 1000$ later.
Grab acted very responsibly in this matter and was very quick with the bounty. I also found a similar issue with Grab’s ride application where you can have unlimited rides, but unfortunately it was known to them after my first report, and they still paid 1k$ for that, which was really generous of them. Moreover, I was also asked to send my resume because of that bug, but I had to reject it due to my studies at that time.
The best part about this whole experience was that, due to some miscommunication, Grab actually reached out to @nahamsec to join our conversation so that we could clear things up from both sides, which was quite fascinating for me.
My Hackerone Profile: h33t



