Uber Passenger Ratings Exposed via JavaScript Hack

  • 28 July 2014
  • 0 replies
  • 371 views

Userlevel 7
Comment: Interesting read to say the least on this articles.
=================================================================================================
By Eduard Kovacs on July 28, 2014 The rating given by Uber drivers to their passengers could have been accessed until a few hours ago by simply pasting a piece of JavaScript code into a Web browser's console.
Uber is an increasingly popular mobile application that allows users to instantly book a private car or taxi. The app enables users to rate their drivers, but the drivers themselves can also rate passengers. However, under normal circumstances, passenger ratings are directly available only to other drivers.
On Monday, software enginner Aaron Landy published a blog post containing instructions on how passengers could see their ratings by simply logging in to their accounts and executing a piece of JavaScript code in the Web browser console. After running the code, which makes a call to the Uber Web API, users were presented with a pop-up window containing their name, email address and passenger rating.
 
SecurityWeek/ Full Read Here/ http://www.securityweek.com/uber-passenger-ratings-exposed-javascript-hack

0 replies

Be the first to reply!

Reply