Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
moovit-mbb-og
4
In Scope
3
Out of Scope
In-Scope Assets (4)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| All In Scope Targets | OTHER | No | - | |
| https://apps.apple.com/us/app/moovit-all-transit-options/id498477945 | IOS | No | - | |
| https://play.google.com/store/apps/details?id=com.tranzmate&hl=en_US | ANDROID | No | ||
| https://support.moovitapp.com/hc/en-us/articles/11389054527122-WayFinder-Augmented-Reality-helper-to-find-your-stop-iPhone-only | IOS | No | - |
Out-of-Scope Assets (3)
| Asset | Category | Bounty | |
|---|---|---|---|
| Any WebView sources or web application rendered within the mobile applications | OTHER | No | |
| Every Web App is Out Of Scope. | URL | No | |
| Every app not related to the Moovit mobile application. | OTHER | No |