
How I Was Able to Hack into ZOMATO

Hello Hackers,

Let’s read some Cybersecurity Blogs

Today I will share my recent update, where I reported a bug to Zomato which is of HIGH severity, and how they rewarded me for that. I am going to disclose the vulnerability because the vulnerability has been successfully patched…

We all know about Zomato because I guess we are using it daily or somewhat weekly, so I thought why not hunt over Zomato which is the most popular Food Delivery app…




So at the start, I was looking for the features that Zomato provides and usually, most people don’t know this thing but I tried to exploit some of the features but no luck…

After some time I came across something that was on Zomato’s main page, which was: I will share my phone number and Zomato will send an app download link to my number.

I put in my number, hit the share app link, and intercepted it with Burp Suite. When I saw the request, I came across the parameter named deeplink, which was going blank. This hit my mind and I just changed it to my website link http://vulndetox.com, and guess what, I received a message from Zomato and that message contained my link. I was like…

Look at the POC…

After I did this, I received messages from Zomato…

Message received on Android(Link)
Message received on iPhone(Link)




And after some time, I came to know that I can even inject TEXT in the deeplink parameter, and I injected “Shubham Hacked Zomato!!”.

This I reported to Zomato through HackerOne, and Zomato considered it as LOW severity instead of HIGH severity.

They fixed this in 2 days and rewarded me.
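
A server-side check for the deeplink parameter described above, as an added example that is not from the original post and is not Zomato's actual fix. The allow-listed hosts, the exampleapp scheme, the message text and the function names are assumptions made for illustration:

```python
from urllib.parse import urlsplit

# Hypothetical allow-list: the only destinations the SMS may ever point to.
ALLOWED_HTTPS_HOSTS = {"app.example.com", "link.example.com"}
ALLOWED_APP_SCHEMES = {"exampleapp"}          # assumed in-app deep link scheme
DEFAULT_LINK = "https://app.example.com/download"
MAX_LEN = 200


def safe_deeplink(value):
    """Return value only if it is an allow-listed link, else the default link."""
    if not value:
        return DEFAULT_LINK                   # blank, as in the normal request
    if len(value) > MAX_LEN or "\\" in value:
        return DEFAULT_LINK
    if any(c.isspace() or ord(c) < 0x20 for c in value):
        return DEFAULT_LINK                   # free text or control characters
    try:
        parts = urlsplit(value)
        port = parts.port                     # raises ValueError on a bad port
    except ValueError:
        return DEFAULT_LINK
    scheme = parts.scheme.lower()
    if scheme in ALLOWED_APP_SCHEMES:
        return value
    if scheme != "https":
        return DEFAULT_LINK                   # http://, javascript:, bare text
    if parts.username or parts.password:
        return DEFAULT_LINK                   # https://trusted@other-host/ form
    if port not in (None, 443):
        return DEFAULT_LINK
    # Exact host match: no suffix or substring comparison.
    if (parts.hostname or "").lower() not in ALLOWED_HTTPS_HOSTS:
        return DEFAULT_LINK
    return value


def build_sms(deeplink_param):
    """Compose the outgoing message from a client-supplied deeplink value."""
    return "Download the app: " + safe_deeplink(deeplink_param)


if __name__ == "__main__":
    # Constructed inputs, including the two values mentioned in the post.
    for sample in ["", "http://vulndetox.com", "Shubham Hacked Zomato!!",
                   "https://app.example.com/download?ref=sms"]:
        print(repr(sample), "->", build_sms(sample))
```

Falling back to a fixed default instead of echoing the input means the SMS body never carries attacker-chosen text, whatever the client sends.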

That’s all for the day and time to say Good Bye for now…

Happy Hacking !!
