Security researcher Prakhar Prasad identified the vulnerability

Jan 30, 2013 08:54 GMT

Security researcher Prakhar Prasad has identified a Blind SQL Injection vulnerability on PayPal’s Notifications website (paypal-notify.com). The company rushed to address the issue and rewarded the researcher with $3,000 (2,250 EUR).

“This bug allowed me to access the database of PayPal Notifications system,” the researcher explained on his blog.

“I did a responsible disclosure of the bug to Paypal Security Team and the issue was addressed immediately, just the next day after my bug report due to its high severity,” he added.

PayPal’s bug bounty program has once again paid off, for both the company and a security researcher.

This is another example of how bug bounty programs can help an organization keep its websites secure. It also shows that such programs encourage independent security researchers to practice responsible disclosure.