Shipt

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
971888874 APPLE_STORE_APP_ID critical
IOS Member App
976353472 APPLE_STORE_APP_ID critical
IOS Shopper App
admin.shipt.com URL critical
*No credentials will be provided. Unauthenticated assessment only.
api.shipt.com URL critical
app.shipt.com URL high high high critical
com.shipt.groceries GOOGLE_PLAY_APP_ID critical
Shipt Member App
com.shipt.shopper GOOGLE_PLAY_APP_ID critical
Shipt Shopper App
shop.shipt.com URL critical
shoppingcart.shipt.com URL critical
staging-admin.shipt.com URL critical
*No credentials will be provided
staging-api.shipt.com URL critical
staging-app.shipt.com URL critical
staging-shop.shipt.com URL critical
staging-shoppingcart.shipt.com URL critical
www.shipt.com URL critical
Please follow normal scope (no DOS, social engineering, etc.) and please refrain from assessing any other wp-engine platforms. Only www.shipt.com and subdirectories of the site are in scope.
*.shipt.com URL high high high critical

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity