Update: 5000$ was the initial payment, Paypal payed another 5000$ which makes the total bug bounty of 10,000$ for the command execution vulnerability -
Today when i logged into my Gmail account, I saw Paypal sent me 5000$ for my command execution bug i reported on one of it's subdomains, That's constituted a huge risk to the organization, since an attacker could have easily managed to execute any command on the server. Therefore the bug was extremely critical, however Paypal took more than 2 months to sort it out.
I cannot write more about the vulnerability per the terms of the bug bounty program.
Along with the command execution vulnerability, i was paid 500$ for an XSS vulnerability that i found on Paypal main domain, further more i was also paid for an information disclosure. So in total they sent me an amount of 6000$.
More than 20 of my bugs are still being validated by paypal.
At RHA Infosec we provide different types of Security Testing from small business sites to Corporate Sites. Click Here to know more about our complete list of services.
Kindly Bookmark it and Share it with Friends: