Yelp icon Yelp HackerOne

Target Policy
https://hackerone.com/yelp?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • www.yelp.com
    URL
    critical
  • m.yelp.com
    URL
    critical
  • biz.yelp.com
    URL
    critical
  • yelp.nowait.com

    Yelp Waitlist is currently not in scope for this program. Awards will be decided on a case by case basis

    URL
    critical
  • restaurants.yelp.com
    URL
    low
  • www.yelpreservations.com
    URL
    critical
  • auto-api.yelp.com
    URL
    critical
  • mobile-api.yelp.com
    URL
    critical
  • api.yelp.com

    API endpoint for https://www.yelp.com/developers

    URL
    critical
  • biz-app.yelp.com
    URL
    critical
  • www.yelp-support.com
    URL
    high
  • www.yelpwifi.com

    Yelp WiFi is currently not in scope for this program. Awards will be decided on a case by case basis.

    URL
    critical
  • app.yelpwifi.com

    Yelp WiFi is currently not in scope for this program. Awards will be decided on a case by case basis.

    URL
    critical
  • http://*.yelp.com
    WILDCARD
    critical
  • http://*.yelp-support.com
    WILDCARD
    high
  • http://*.yelpwifi.com
    WILDCARD
    low
  • engineeringblog.yelp.com
    URL
    none
  • www.yelp-ir.com
    URL
    none
  • cloud.e.yelp-business.com

    This is a product provided by Salesforce. Please report bugs to the Salesforce Security Team
    https://www.salesforce.com/company/disclosure/

    URL
    none
  • blog.yelp.com
    URL
    none
  • 542767785

    Restaurant Manager iOS app

    APPLE_STORE_APP_ID
    critical
  • *.yelp-support.com
    WILDCARD
    high
  • 936983378

    Yelp for Business Owners

    APPLE_STORE_APP_ID
    critical
  • com.yelp.android

    Yelp Mobile for Android

    GOOGLE_PLAY_APP_ID
    critical
  • yelptop100.com
    URL
    low
  • 284910350

    Yelp Mobile

    APPLE_STORE_APP_ID
    critical
  • *.yelpwifi.com
    WILDCARD
    low
  • com.yelp.android.biz

    Yelp for Business Owners

    GOOGLE_PLAY_APP_ID
    critical
  • *.yelp.com
    WILDCARD
    critical
Target Scope Domains
  • api.yelp.com
  • app.yelpwifi.com
  • auto-api.yelp.com
  • biz-app.yelp.com
  • biz.yelp.com
  • m.yelp.com
  • mobile-api.yelp.com
  • restaurants.yelp.com
  • www.yelp-support.com
  • www.yelp.com
  • www.yelpreservations.com
  • www.yelpwifi.com
  • yelp-support.com
  • yelp.com
  • yelp.nowait.com
  • yelptop100.com
  • yelpwifi.com
Tech Stack
Last Finished Scan:
Scan Name
Fleet
Finished
State
auto-gausubs-2-kxss
allkxss
1 year, 1 month ago
Finished
auto-gausubs-2-kxss
  • Fleet: allkxss
  • Duration: 29.93 Minutes
  • Finished: 1 year, 1 month ago