Uber just launched a bug bounty program that will pay up to $10,000 for critical vulnerabilities that could affect their users.
They are mainly interested in the following categories of vulnerabilities:
- Cross-site Scripting (XSS)
- Cross-site Request Forgery
- Server-Side Request Forgery (SSRF)
- SQL Injection
- Server-side Remote Code Execution (RCE)
- XML External Entity Attacks (XXE)
- Open Redirect Vulnerabilities
- Access Control Issues
- Full Path Disclosure
- Exposed Administrative Panels and Ports (Excluding OneLogin)
- Directory Traversal Issues
- Local File Disclosure (LFD)
- Information Disclosure of Sensitive Information
Rewards depend on severity:
- Critical Issues ($10,000)
- Significant Issues ($5,000)
- Medium Issues ($3,000)