Story Of Hacking Grab And How I Got 10000$ From Grab (Hackerone)

Story Of Hacking Grab And How I Got 10000$ From Grab (Hackerone)

So I did not get permission to blog about the whole POC so I will be just throwing some hints here.

Basically, I was able to bypass the grab food’s payment mechanism and it was a serious issue, Imagine ordering foods for free. No more business for grab, so it was closed as a very severe bug and because of its impact grab was kind of forced to shut down the entire service for it and they paid 10000$ upon verifying the issue and another 1000$ later.

Grab acted very responsible in this manner and was very quick with the bounty also I found a similar issue with Grab’s ride application where you can have unlimited rides but unfortunately it was known to them. After my first report and they still paid 1k$ for that which was really generous of them. Moreover, I was also asked to send my resume because of that bug but I had to reject it due to my studies at that time.

The best part about this whole experience was due to some miscommunication grab actually reached out to @nahamsec to join our conversation so that we can clear things up from both sides which was quite fascinating for me.

My Hackerone Profile: h33t