Powered by:
Allows bounty splitting:
Average time to first program response: 7
Average time to bounty awarded null:
Average time to report resolved: 79
Handle shipt
Managed program: true
Name: Shipt
Offers bounties: true
Offers swag: false
Response efficiency percentage: 100
Submission state: open
Url: https://hackerone.com/shipt
Website: https://shop.shipt.com
In scope:
Asset identifier: *.shipt.comAsset type: URLAvailability requirement: highConfidentiality requirement: highEligible for bounty: trueEligible for submissions: trueInstruction: Integrity requirements: highMax severity: critical
Asset identifier: 971888874Asset type: APPLE_STORE_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: IOS Member AppIntegrity requirements: Max severity: critical
Asset identifier: 976353472Asset type: APPLE_STORE_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: IOS Shopper AppIntegrity requirements: Max severity: critical
Asset identifier: admin.shipt.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: *No credentials will be provided. Unauthenticated assessment only.Integrity requirements: Max severity: critical
Asset identifier: api.shipt.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Integrity requirements: Max severity: critical
Asset identifier: app.shipt.comAsset type: URLAvailability requirement: highConfidentiality requirement: highEligible for bounty: trueEligible for submissions: trueInstruction: Integrity requirements: highMax severity: critical
Asset identifier: com.shipt.groceriesAsset type: GOOGLE_PLAY_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Shipt Member AppIntegrity requirements: Max severity: critical
Asset identifier: com.shipt.shopperAsset type: GOOGLE_PLAY_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Shipt Shopper AppIntegrity requirements: Max severity: critical
Asset identifier: shop.shipt.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Integrity requirements: Max severity: critical
Asset identifier: shoppingcart.shipt.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Integrity requirements: Max severity: critical
Asset identifier: staging-admin.shipt.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: *No credentials will be providedIntegrity requirements: Max severity: critical
Asset identifier: staging-api.shipt.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Integrity requirements: Max severity: critical
Asset identifier: staging-app.shipt.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Integrity requirements: Max severity: critical
Asset identifier: staging-shop.shipt.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Integrity requirements: Max severity: critical
Asset identifier: staging-shoppingcart.shipt.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Integrity requirements: Max severity: critical
Asset identifier: www.shipt.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Please follow normal scope (no DOS, social engineering, etc.) and please refrain from assessing any other wp-engine platforms. Integrity requirements: Max severity: critical
