Y
Hacker News
new
|
ask
|
show
|
jobs
by
nathanmock
4127 days ago
Author here: I was able to access employee settings for Uber Technologies, not just employee driver settings.
1 comments
franklinho
4127 days ago
Very cool. With the same approach were you able to manipulate prices or surge/no surge?
Wouldn't be very useful in real life, but if they have a bug bounty program you could report it.
link
jhgg
4127 days ago
I don't think this is the case. Setting this "isAdmin" flag simply caused the UI to be rendered. But I'm pretty sure that require any access to the remote API calls will be rejected.
link
Wouldn't be very useful in real life, but if they have a bug bounty program you could report it.