makemytrip-pvt-ltd-bug-bounty-program
3
In Scope
7
Out of Scope
In-Scope Assets (3)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| *.makemytrip.com | URL | Yes | ||
| https://apps.apple.com/us/app/makemytrip-flight-hotel-bus/id530488359 | IOS | Yes | - | |
| https://play.google.com/store/apps/details?id=com.makemytrip&hl=en | ANDROID | Yes |
Out-of-Scope Assets (7)
| Asset | Category | Bounty | |
|---|---|---|---|
| All domains or subdomains not listed in-scope. | OTHER | Yes | |
| Complete Connect Application formerly known as Ingo | OTHER | Yes | |
| Reporting issues on such endpoints where dependency-check & TTL is present will not be considered as a valid bug, however if bug hunter identify any such endpoint lacking dependency-check & TTL would be considered as IDOR. | OTHER | Yes | |
| There are certain endpoints where replaying booking IDs can retrieve other customer details, however for every such endpoints there is a dependency-check between 2 or more IDs is implemented. | OTHER | Yes | |
| homestayawards.makemytrip.com | OTHER | Yes | |
| ilearn.makemytrip.com | OTHER | Yes | |
| planner.makemytrip.com | OTHER | Yes |