Takeaway.com

  • $100 – $2,500 per vulnerability
  • Safe harbor
  • Managed by Bugcrowd

New Targets added

We hope your testing is going well. Here is an update that should make things a bit more interesting!

There have been some recent changes/updates to the Takeaway.com program. We highly recommend you take a look at this additional attack surface – which hopefully means more vulnerabilities! Here is what’s new: (list all updated scope below):

The below targets are part of business2business portal which allows companies to manage monthly and daily allowances paid by the company for their employees when those order food on our platform. Testing them is considered in scope but credentials will not be provided for these targets.

  • https://takeawaypay.azurefd.net/en/takeawaypay/
  • https://takeawaypayapi-ase.tenbis-ase.p.azurewebsites.net/api
  • https://takeawaypay-internal-api-ase.tenbis-ase.p.azurewebsites.net

As always, please see the program brief for the full details around testing. If you have any questions, please reach out to support@bugcrowd.com.

Get out there and lay claim to those bugs!