The dream of every white hat hacker and bug hunter is to get a Hall of Fame acknowledgment from the world’s IT giant, Google. Google needs no introduction. My aim, too, was to get a place in Google’s Hall of Fame and to qualify for their VRP, which is only for security researchers. I started my journey as a white hat a little while ago, as I loved to crack top companies' websites in my free time and to break things for positive purposes.
Google, being quite secure, required a lot of hard work and dedication to find a way through. Initially, 2 months ago, I reported a bug to Google, but unfortunately it was a `Duplicate`. It was valid, but duplicates are not considered eligible for either reward or acknowledgment according to Google’s terms.
So I researched, found one more bug and reported it to Google, but bad luck hovered over my head and it was also considered a `Duplicate`.
Moreover, I hunted down one more bug and reported it, but that too was marked a `duplicate` by Google. I was sure that the bug could not be a duplicate because it was quite creative and had a larger impact, which Google couldn’t leave unpatched. But still, the issue didn’t escalate, as Google was firm on their decision. I had the following quote in mind.
“Persistence can change failure into Extraordinary achievement”
A month later (after completing my college exams), I again set out positively to target Google toward the end of November 2015 and stayed vigilant at every suspicious location.
Then I found 5 bugs on a single Google acquisition called “Stack Driver”. And after a lot of code review, I triggered this
I wasn’t very satisfied, as I had a “Duplicate-O-Phobia” experience with them, so I thought I'd do something more special. 😉
Well, the next one was even better. StackDriver used an API. The documentation is here:
Now, I got a clear-cut bug there, which led me to 3 more issues, including “Frame Limit Protection Bypass” (some private trick) and two others I cannot disclose due to privacy reasons. Paw Paw Admin had two users, dan & user. So I managed to take that thing real fast due to another feature (fixed).
So I reported these bugs to the Google Security Team and kept my fingers crossed, and the reply came in 5 hours 😀 Blazing much. This time it was a positive reply, and I sent some more information with a video too, and yes, they fixed everything quickly.
“Success is Not Final, Failure is not Fatal, it is the courage to continue that counts”
Yeah, validated. And VRP too. Got listed in Google’s Hall of Fame on 26/11. Bazinga.
Link : https://www.google.com/about/appsecurity/hall-of-fame/archive/
Page 22 😀
I truly thank the excellent security team of Google for their quick response. There is nothing better than Google, and the feeling of being acknowledged by Google is itself immense. I will continue hunting on Google and helping keep their web applications safe! It’s like a dream come true.
Thank you for reading the article. Hope you liked it. I am planning to write an article on SSRF and XXE soon, so stay tuned. And the next target is of course “Facebook”. 😉