Origin Energy

We hope your testing is going well. Here is an update that should make things a bit more interesting!

There have been some recent changes/updates to the Origin Energy program. We highly recommend you take a look at this additional attack surface – which hopefully means more vulnerabilities! Here is what’s new:

In Scope Targets

• *.download.originenergy.com.au
• dataportal.originenergy.com.au
• *.origindigital-pac.com.au
• *.odcdn.com.au
• *.support.originenergy.com.au
• *.api.originenergy.com.au

API Targets

• https://api.rx.originenergy.com.au/v1/gateway/schema/graphql
• https://api.rx.originenergy.com.au/v1/gateway/schema/kraken/graphql
• https://api.rx.originenergy.com.au/v1/lpg/graphql

Out of Scope

• https://auth.api.originenergy.com.au/**

As always, please see the program brief for the full details around testing. If you have any questions, please reach out to support@bugcrowd.com.

Get out there and lay claim to those bugs!