
WOW! Paypal Sends Me 5000$ For A Command Execution Vulnerability


Update: 5000$ was the initial payment; PayPal paid another 5000$, which makes the total bug bounty 10,000$ for the command execution vulnerability:

PayPal Pays Me A Total Bounty Of 10,000 For The Command Execution Bug


Today when I logged into my Gmail account, I saw PayPal sent me 5000$ for the command execution bug I reported on one of its subdomains. That constituted a huge risk to the organization, since an attacker could have easily managed to execute any command on the server. Therefore the bug was extremely critical; however, PayPal took more than 2 months to sort it out.
I cannot write more about the vulnerability per the terms of the bug bounty program.
Along with the command execution vulnerability, I was paid 500$ for an XSS vulnerability that I found on PayPal's main domain; furthermore, I was also paid for an information disclosure. So in total they sent me an amount of 6000$.

More than 20 of my bugs are still being validated by PayPal.




Last week, I was offered a job by PayPal as a Senior Pentester, a.k.a. SecurityNinja. Kindly look at the screenshot below:
