Back to directory
WRITEUP #5588

Gaining access to Uber's user data through AMPScript evaluation

OtherAMPScript injection
by@infosec_au(Shubham Shah)
Bounty
23,000
Program
Uber
Published
Jan 14, 2019
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://blog.assetnote.io/bug-bounty/2019/01/14/gaining-access-to-ubers-user-data-through-ampscript-evaluation/
RELATED WRITEUPS
Data Theft in Salesforce: Manipulating Public Links
OtherSOQL injection
When Certificates Fail: A Story of Bypassed MFA in Remote Access
Other2FA / MFA bypass
SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff
OtherSSTI
Ghost In The Ppl Part 1: Byovdll
OtherUse-After-Free
Part 2: From Byovdll To Arbitrary Code Execution In Lsass
OtherUse-After-Free

Built with ❤️ by Shubham Rawat