HackerOne · VDP

Mondelēz International Vulnerability Disclosure Program

Complete guide to Mondelēz International's vulnerability disclosure program on HackerOne. View in-scope assets, reward amounts, response times, and tips for finding vulnerabilities.

Program Overview

Mondelēz International runs a vulnerability disclosure program on HackerOne. The program has 333 in-scope assets and is managed by HackerOne's triage team.

  • In-Scope Assets: 333
  • Avg Response: 2h
  • Efficiency: 100%
  • Avg Resolve: 68d

In-Scope Assets

Asset | Type | Max Severity | Eligible
admit-it-win.cadbury.co.uk | URL | Critical | No Bounty
admit-it.cadbury.co.uk | URL | Critical | No Bounty
admit-it.cadbury.ie | URL | Critical | No Bounty
aida-mdlz.com | URL | Critical | No Bounty
alpengold-promo.me | URL | Critical | No Bounty
alpengold-promo.uz | URL | Critical | No Bounty
alpengold.me | URL | Critical | No Bounty
alpengoldpromo.ge | URL | Critical | No Bounty
atistirmalikdunyasi.com | URL | Critical | No Bounty
barni.org | URL | Critical | No Bounty
barniadventures.com | URL | Critical | No Bounty
base-mondelez-ag.fr | URL | Critical | No Bounty
bassettsvitamins.co.uk | URL | Critical | No Bounty
bee.harmony.info | URL | Critical | No Bounty
beldent.com.ar | URL | Critical | No Bounty
belvita.life | URL | Critical | No Bounty
belvitaoffer.com | URL | Critical | No Bounty
belvitasnacks.com | URL | Critical | No Bounty
bigwinwin.cadbury.co.uk | URL | Critical | No Bounty
bis.com.br | URL | Critical | No Bounty
bournvita.ng | URL | Critical | No Bounty
breathewithtomtom.com | URL | Critical | No Bounty
brumikobjavitel.sk | URL | Critical | No Bounty
brumikobjevitel.cz | URL | Critical | No Bounty
bundakraft.com | URL | Critical | No Bounty
cadbury.co.uk | URL | Critical | No Bounty
cadbury.co.za | URL | Critical | No Bounty
cadbury.com.au | URL | Critical | No Bounty
cadbury.ie | URL | Critical | No Bounty
cadburydessertscorner.com | URL | Critical | No Bounty
cadburyfindtheticket.com.au | URL | Critical | No Bounty
cadburyhuntstartshere.com.au | URL | Critical | No Bounty
cadburylollyrewards.com | URL | Critical | No Bounty
cadburyperksmartunlocks.com | URL | Critical | No Bounty
cadburytrytime.co.nz | URL | Critical | No Bounty
cadburyworld.co.uk | URL | Critical | No Bounty
canjeatupremiomdlz.com | URL | Critical | No Bounty
catalogohellojoy.com | URL | Critical | No Bounty
chipsahoyscan.com | URL | Critical | No Bounty
chokladdrom.marabou.se | URL | Critical | No Bounty
clifbar.ca | URL | Critical | No Bounty
clifbar.com | URL | Critical | No Bounty
clifbar.com.au | URL | Critical | No Bounty
clorets.jp | URL | Critical | No Bounty
clubsocial.com.br | URL | Critical | No Bounty
cocoalife.org | URL | Critical | No Bounty
coffeecallsforbelvita.com | URL | Critical | No Bounty
concorsocoop.philadelphia.it | URL | Critical | No Bounty
contactus.mdlzapps.com | URL | Critical | No Bounty
cotedor.com | URL | Critical | No Bounty

Showing 50 of 333 in-scope assets. View all on HackerOne.

Out-of-Scope Assets

  • Leaked Credentials

Tips for Hacking Mondelēz International

  1. Read the policy — Understand what's in scope, out of scope, and any specific testing restrictions before you start.
  2. Enumerate the attack surface — Use subdomain enumeration and directory bruteforcing to map all accessible endpoints.
  3. Focus on high-impact bugs — Look for SQL injection, SSRF, and IDOR vulnerabilities first.
  4. Test authentication flows — Check for OAuth misconfigurations and CSRF in login/signup flows.
  5. Write clear reports — Include steps to reproduce, impact assessment, and suggested remediation. Use Burp Suite to capture evidence.

Frequently Asked Questions

How do I start hacking Mondelēz International?

Sign up on HackerOne, read the program policy carefully, review the in-scope assets listed above, and start testing. Always stay within scope and follow responsible disclosure guidelines.

Does Mondelēz International pay bounties?

No, Mondelēz International runs a Vulnerability Disclosure Program (VDP) without monetary rewards. You may receive recognition or swag.

What types of vulnerabilities does Mondelēz International accept?

Mondelēz International accepts reports for vulnerabilities found in their 333 in-scope assets. Common accepted vulnerability types include XSS, SQL injection, SSRF, IDOR, authentication bypass, and RCE. Check the program policy for specific exclusions.