New Targets added - Announcements - Just Eat Takeaway.com

$100 – $4,000 per vulnerability
Up to $5,000 maximum reward
Safe harbor

We hope your testing is going well. Here is an update that should make things a bit more interesting!

There have been some recent changes/updates to the Takeaway.com program. We highly recommend you take a look at this additional attack surface – which hopefully means more vulnerabilities! Here is what’s new: (list all updated scope below):

The below targets are part of business2business portal which allows companies to manage monthly and daily allowances paid by the company for their employees when those order food on our platform. Testing them is considered in scope but credentials will not be provided for these targets.

https://takeawaypay.azurefd.net/en/takeawaypay/
https://takeawaypayapi-ase.tenbis-ase.p.azurewebsites.net/api
https://takeawaypay-internal-api-ase.tenbis-ase.p.azurewebsites.net

As always, please see the program brief for the full details around testing. If you have any questions, please reach out to support@bugcrowd.com.

Get out there and lay claim to those bugs!