Instruction: Any asset/application/domain/secret that appears to be owned by Delivery Hero is in scope (example: baemin.com)
Integrity requirements:
Max severity: critical
Asset identifier: Delivery Hero
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: If you are testing a functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
# In scope
> - *.deliveryhero.com
- *.deliveryhero.at
- *.deliveryhero.io
- *.deliveryhero.de
- *.deliveryhero.net
- *.mydhcareer.com
*The subdomains that contain "*.stg./.qa.*" string are considered low priority assets. Bounties will be rewarded accordingly.*
*The same vulnerability that is found on multiple domains will be treated as a single vulnerability. Please report all affected domains in a single report. All subsequent reports will be closed as a Duplicate.*
Integrity requirements:
Max severity: critical
Asset identifier: DámeJídlo.cz
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Any asset/application/domain/secret that appears to be owned by DámeJídlo.cz is in scope (example: damejidlo.cz)
Integrity requirements:
Max severity: critical
Asset identifier: Foodora
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: If you are testing a functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
# In scope
> - *.foodora.com
- *.foodora.se
- *.foodora.fi
- *.foodora.no
- se.onlinepizza (Android)
- de.foodora.android (Android)
- fi.pizzaonline.app (Android)
- id998930867 (iOS)
- id703574232 (iOS)
*The subdomains that contain "*.stg./.qa.*" string are considered low priority assets. Bounties will be rewarded accordingly.*
*The same vulnerability that is found on multiple domains will be treated as a single vulnerability. Please report all affected domains in a single report. All subsequent reports will be closed as a Duplicate.*
Integrity requirements:
Max severity: critical
Asset identifier: Foodpanda
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: If you are testing a functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
# In scope
> - *.foodpanda.com
- *.foodpanda.com.bd
- *.foodpanda.com.kh
- *.foodpanda.la
- *.foodpanda.com.mm
- *.foodpanda.ph
- *.foodpanda.co.th
- *.foodpanda.de
- *.foodpanda.hu
- *.foodpanda.ro
- *.foodpanda.hk
- *.foodpanda.my
- *.foodpanda.ph
- *.foodpanda.tw
- *.foodpanda.jp
- *.foodpanda.pk
- *.foodpanda.sg
- *.fd-api.com
- *.eatoye.pk
- *.eatoye.com
- com.global.foodpanda.android (Android)
- Hu.viala.newiapp (Android)
- id758103884 (iOS)
*The subdomains that contain "*.stg./.qa.*" string are considered low priority assets. Bounties will be rewarded accordingly.*
*The same vulnerability that is found on multiple domains will be treated as a single vulnerability. Please report all affected domains in a single report. All subsequent reports will be closed as a Duplicate.*
Integrity requirements:
Max severity: critical
Asset identifier: Hungerstation
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: If you are testing a functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
# In scope
> - *.hungerstation.com
- com.hungerstation.android.web (Android)
- id596011949 (iOS)
*The subdomains that contain "*staging*" or "*stg/qa*"strings are considered low priority assets. Bounties will be rewarded accordingly.*
Integrity requirements:
Max severity: critical
Asset identifier: InstaShop
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Any asset/application/domain/secret that appears to be owned by InstaShop is in scope (example: instashop.com)
Integrity requirements:
Max severity: critical
Asset identifier: PedidosYa
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: If you are testing a functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
# In scope
> - *.pedidosya.com
> - *.pedidosya.com.ar
*The subdomains that contain "*.stg./.qa.*" string are considered low priority assets. Bounties will be rewarded accordingly.*
*The same vulnerability that is found on multiple domains will be treated as a single vulnerability. Please report all affected domains in a single report. All subsequent reports will be closed as a Duplicate.*
Integrity requirements:
Max severity: critical
Asset identifier: Talabat
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: If you are testing a functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
# In scope
> - *.talabat.com
*The subdomains that contain "*.stg./.qa.*" string are considered low priority assets. Bounties will be rewarded accordingly.*
*The same vulnerability that is found on multiple domains will be treated as a single vulnerability. Please report all affected domains in a single report. All subsequent reports will be closed as a Duplicate.*
Integrity requirements:
Max severity: critical
Asset identifier: Yemeksepeti
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Any asset/application/domain/secret that appears to be owned by Yemeksepeti is in scope (examples: yemeksepeti.com, com.inovel.app.yemeksepeti etc.)
Integrity requirements:
Max severity: critical
Asset identifier: efood.gr
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Any asset/application/domain/secret that appears to be owned by e-food.gr is in scope (example: e-food.gr)
Integrity requirements:
Max severity: critical
Asset identifier: foody
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Any asset/application/domain/secret that appears to be owned by foody is in scope (example: foody.com.cy)
Integrity requirements:
Max severity: critical
Asset identifier: mjam
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Any asset/application/domain/secret that appears to be owned by mjam is in scope (example: mjam.net)
