$ 10,000 was paid to a Uruguayan student after revealing a security breach that could allow hackers to access sensitive data
$ 10,000 was paid to a Uruguayan student after revealing a security breach that could allow hackers to access sensitive data.
$ 10,000 was paid to a Uruguayan student after revealing a security breach that could allow hackers to access sensitive data.
Ezequiel Pereira discovered this vulnerability in the Google App Engine server after modifying the host header in requests to the server using Burp.
The high school student explained in a blog post, "I was bored, so I tried to find a bug at Google."
After several unsuccessful attempts, he managed to access an internal web page that did not verify his username or required any other security measures.
It was here that Pereira was redirected to the "/ eng" page and was surprised to find himself somewhere Google never anticipated.
After reading something in the "Google Confidential" footer, he decided to stop and "report the problem immediately".
A member of Google's security team said he would investigate the problem and respond after reviewing the bug.
At this point, the student thought that very little would result. "Cool, it's probably a small thing that is not worth it, the website probably contains technical information about Google's servers and nothing important," he said.
It turned out that the problem he was discovering was worth more than a penny and Google informed him that the bug he reportedly reported would see him receive $ 10,000 from Google's vulnerability reward program (VRP).
In 2013, Google expanded its VPN policy to include a selection of high-risk software applications, primarily designed for networking. His previous bug bonus program focused on Google products.
The Uruguayan student said he wanted to become a researcher in safety in the future. He was naturally delighted and also confirmed that the problem had been solved: "The bug has been fixed. According to Google, the big advantage was to have found a few variants that would have allowed an attacker to access sensitive data, "he added.
$ 10,000 was paid to a Uruguayan student after revealing a security breach that could allow hackers to access sensitive data.
Ezequiel Pereira discovered this vulnerability in the Google App Engine server after modifying the host header in requests to the server using Burp.
The high school student explained in a blog post, "I was bored, so I tried to find a bug at Google."
After several unsuccessful attempts, he managed to access an internal web page that did not verify his username or required any other security measures.
It was here that Pereira was redirected to the "/ eng" page and was surprised to find himself somewhere Google never anticipated.
After reading something in the "Google Confidential" footer, he decided to stop and "report the problem immediately".
A member of Google's security team said he would investigate the problem and respond after reviewing the bug.
At this point, the student thought that very little would result. "Cool, it's probably a small thing that is not worth it, the website probably contains technical information about Google's servers and nothing important," he said.
It turned out that the problem he was discovering was worth more than a penny and Google informed him that the bug he reportedly reported would see him receive $ 10,000 from Google's vulnerability reward program (VRP).
In 2013, Google expanded its VPN policy to include a selection of high-risk software applications, primarily designed for networking. His previous bug bonus program focused on Google products.
The Uruguayan student said he wanted to become a researcher in safety in the future. He was naturally delighted and also confirmed that the problem had been solved: "The bug has been fixed. According to Google, the big advantage was to have found a few variants that would have allowed an attacker to access sensitive data, "he added.
$ 10,000 was paid to a Uruguayan student after revealing a security breach that could allow hackers to access sensitive data
Reviewed by petitbicasos
on
7:43 PM
Rating:
Reviewed by petitbicasos
on
7:43 PM
Rating:
Post a Comment