Why Google Awarded me $5000 & Hall Of Fame - Bug Directory Travesal
2021-12-05 - 1 minHey amazing Bug Hunter!
After many month, I decided to write writeups regarding my bounty from Google of worth $5000.
Timeline:
Jun 28, 2021 : Reported
Jun 28, 2021 : Status: Won’t Fix (Not Reproducible)
Jun 28, 2021 : Status: Accepted (reopened).
Jun 29, 2021 : Hello,Regarding our Vulnerability Reward Program: The VRP panel has decided to issue a reward of $5000.00 for your report. Congratulations! Important: If you aren't already registered with Google as a supplier, p2p-vrp@google.com will reach out to you. If you have registered in the past, no need to repeat the process – you can sit back and relax, and we will process the payment soon. Note: This month, we are changing our payment processing backend. There might be small delays (a few weeks) with how the payments are processed. Thanks for understanding, and sorry for the trouble!If you have any payment related requests, please direct them to p2p-vrp@google.com. Please remember to include the subject of this email and the email address that the report was sent from. Regards, Google Security Bot.
October 30, 2021 : fixed.
To demonstrate the impact of the vulnerability, I have made this video:
Galih Ramadhan Yusanto
Security Analyst