Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
wonder-vdp
31
In Scope
4
Out of Scope
In-Scope Assets (31)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| *.grubhub.com | WILDCARD | No | ||
| *.jo30.com | WILDCARD | No | ||
| *.seamless.com | WILDCARD | No | ||
| *.tapingo.com | WILDCARD | No | ||
| *.tastemade.com | WILDCARD | No | ||
| 302920553 | IOS | No | - | |
| 971197898 | IOS | No | - | |
| 976642810 | IOS | No | - | |
| api-merchant-gtm.grubhub.com | URL | No | ||
| auth.grubhub.com | URL | No | ||
| com.blueapron.blueapron.release | ANDROID | No | ||
| com.grubhub.android | ANDROID | No | ||
| com.tastemade.app | ANDROID | No | ||
| http://www.blueapron.com/api | URL | No | ||
| http://www.blueapron.com/graphql | URL | No | ||
| https://*.wonder.com | WILDCARD | No | ||
| https://blog.blueapron.com/ | URL | No | ||
| https://core-api.production.claim.co | URL | No | ||
| https://core-api.staging.claim.co | URL | No | ||
| https://cs-dashboard.production.claim.co/graphql | URL | No | ||
| https://cs-dashboard.staging.claim.co/graphql | URL | No | ||
| https://order.wonder.com | URL | No | ||
| restaurant.grubhub.com | URL | No | ||
| sensor.grubhub.com | URL | No | ||
| tastemade.com | URL | No | ||
| www.blueapron.com | URL | No | ||
| www.grubhub.com | URL | No | ||
| www.jo30.com | URL | No | ||
| www.menupages.com | URL | No | ||
| www.seamless.com | URL | No | ||
| www.tapingo.com | URL | No |
Out-of-Scope Assets (4)
| Asset | Category | Bounty | |
|---|---|---|---|
| http://support.wonder.com | URL | No | |
| support.blueapron.com | URL | No | |
| support.grubhub.com | URL | No | |
| support.seamless.com | URL | No |