Mondelēz International takes vulnerability disclosures seriously and appreciates security researchers' efforts. Mondelēz International is committed to establishing transparent and open communication with researchers.
The purpose of the Vulnerability Disclosure Policy (VDP) is to give security researchers clear guidelines for conducting vulnerability research, discovery, and reporting against Mondelēz International systems.
Mondelēz International accepts vulnerability findings from various sources such as independent security researchers, industry partners, or customers. Mondelēz defines a vulnerability as a technical flaw or weakness found in a system that can be leveraged to compromise the confidentiality, integrity, or availability of Mondelēz International products, services, and data. Please see the rules of engagement for security researchers below.
If all the associated guidelines highlighted in this policy are followed during the security research, Mondelēz International will consider the research to be authorized, and will look to collaborate to understand any discovered issues quickly. Mondelēz International will not recommend or pursue legal action against authorized activities that are in accordance with this policy.
# Test Instructions
Please use a user agent header in your HTTP(S) requests, and for non-HTTP requests we strongly recommend you add identification to artifacts in PoCs and/or payloads, so our teams can identify you as a verified hacker and not a malicious attacker: h1:<vdp-hackeroneusername>.
==If you forget to tag your traffic, please list your IP in the submission form.==
No credentials are required or provided for this program. If you self-register for any accounts, please register with your @wearehackerone.com email address. You may not use exposed credentials to continue testing without written consent from Mondelēz International.
Notify us immediately upon discovery of any real security issues via the submission form on this page, or our security webpage <https://www.mondelezinternational.com/vulnerability-disclosure>. Please fill out the Vulnerability Disclosure Template in detail.
HackerOne will acknowledge that the submission was received within two (2) business days of the submission date. (Requires contact information. We cannot communicate with anonymous submissions).
HackerOne will validate steps to reproduce, proof of concept, and severity. Further details may be requested to properly triage the submission. Below are details requested to assist with triaging the reported finding:
- URL
- Vulnerability description
- Potential impact of the issue reported
- Step-by-step reproduction instructions including technical details
- Any proof-of-concept code that is used
- Remediation or mitigation steps for the reported issue
- Any tools utilized to detect the issue
Security researchers must carry out the following activities:
DO:
- Notify us immediately upon discovery of any real or potential security issues.
- Discard and purge any stored Mondelēz International data upon reporting a vulnerability finding.
Security researchers must not carry out the following activities:
DO NOT:
- Test any systems not specified in Appendix A: In-scope systems.
- Conduct any testing that may disrupt, impair, or disable Mondelēz International systems (e.g., DoS, DDoS).
- Engage in social engineering of Mondelēz International employees, contractors, and customers.
- Physically test any facilities or resources (e.g., office access, tailgating), or send any unsolicited or social engineering mail to any Mondelēz International users (e.g., phishing, vishing).
- Exploit any vulnerability beyond the minimal amount of testing required to identify an indicator related to the vulnerability.
- Compromise, copy, or exfiltrate any data from any systems.
- Test any third-party websites, applications, or services that integrate with or link to/from Mondelēz International systems.
- Carry on with the testing if you find vulnerabilities involving sensitive data, including personally identifiable information or proprietary data. In this case, you must stop your test and notify us immediately, and you must not disclose this data to anyone.
- Discuss this program or any vulnerabilities (even resolved ones) outside of the program without express written consent (including via email) from Mondelēz International.
Upon submission of the finding, the Mondelēz International team will:
- Acknowledge that the submission was received within two (2) business days of the submission date.
- Collaborate to validate and resolve reported vulnerability findings.
Thank you for helping keep our company and our users safe!
The following IP addresses are also in-scope of the VDP
This program was found on HackerOne on 2022-01-19.