Dear Readers,
I have just started reporting bugs to the Google bug hunting program, at https://www.google.com/appserve/security-bugs/m2/new
And my first report was accepted as a bug! I recommend that all my friends take up bug hunting as a job or part-time job if you are interested in internet security and also Google's hall of fame and nice rewards!
Please feel free to comment below if you have any questions about how to start bug hunting.
The reported bugs are categorized as P0 to P4 and S0 to S4.
Below are the reward amounts for accepted vulnerabilities:
Reward amounts for security vulnerabilities
Rewards for qualifying bugs range from $100 to $31,337. The following table outlines the usual rewards chosen for the most common classes of bugs:
Category | Examples | Applications that permit taking over a Google account [1] | Other highly sensitive applications [2] | Normal Google applications | Non-integrated acquisitions and other sandboxed or lower priority applications [3] |
---|---|---|---|---|---|
**Vulnerabilities giving direct access to Google servers** | | | | | |
Remote code execution | Command injection, deserialization bugs, sandbox escapes | $31,337 | $31,337 | $31,337 | $1,337 - $5,000 |
Unrestricted file system or database access | Unsandboxed XXE, SQL injection | $13,337 | $13,337 | $13,337 | $1,337 - $5,000 |
Logic flaw bugs leaking or bypassing significant security controls | Direct object reference, remote user impersonation | $13,337 | $7,500 | $5,000 | $500 |
**Vulnerabilities giving access to client or authenticated session of the logged-in victim** | | | | | |
Execute code on the client | Web: Cross-site scripting; Mobile / Hardware: Code execution | $7,500 | $5,000 | $3,133.7 | $100 |
Other valid security vulnerabilities | Web: CSRF, Clickjacking; Mobile / Hardware: Information leak, privilege escalation | $500 - $7,500 | $500 - $5,000 | $500 - $3,133.7 | $100 |
Reward amounts for abuse-related methodologies
New! Rewards for abuse-related methodologies are based on a different scale and range from USD $100 to $5,000. The reward amount for these abuse-related bugs depends on the potential probability and impact of the submitted technique.
Probability [2] \ Impact [1] | High | Medium | Low |
---|---|---|---|
High | Up to $5,000 | $1,337 to $3,133.7 | $500 |
Medium | $1,337 to $3,133.7 | $500 | $100 |
Low | $500 | $100 | HoF Credit |