Make Money by Reporting Vulnerabilities From Facebook, Google and Others

This is news for all researchers, hackers, and developers. You can now earn money by doing what you do best: searching for vulnerabilities in sites and programs from companies such as Facebook, Mozilla, and PayPal. The first company to introduce this idea to the masses was Mozilla, and Google followed suit soon after. Facebook was next in line. These major players in today’s internet services began offering bounties worth $500 long ago. As time passed, they increased their rewards, paying as much as $3000 and above.


Facebook has started to follow in the footsteps of Mozilla and Google by launching a “bug bounty” program where people who find and report bugs and vulnerabilities can cash in on them. The “Responsible Disclosure Policy” program, through which researchers and developers can report flaws in the website, can reward up to $500 and above.

According to Facebook:

“If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you.”

Bugs that you can submit to Facebook:

1. Cross-Site Scripting (XSS)
2. Cross-Site Request Forgery (CSRF/XSRF)
3. Remote Code Injection
4. Broken Authentication (including Facebook OAuth bugs)
5. Circumvention of Platform permission model
6. A bug that allows a third-party to view private user data

Basically, anyone can cash in on this opportunity, but to qualify you must:

1. Be the first person to privately report the bug
2. Reside in a country not under any current US sanctions
3. Abide by the Responsible Disclosure Policy
4. Report a bug that could potentially compromise the integrity or privacy of Facebook user data.

The following would lead to disqualification in the bug bounty program:

1. Denial-of-service vulnerabilities
2. Spam and social engineering techniques
3. Bugs in third-party apps and websites and Facebook’s corporate infrastructure.

To submit your report Click Here.


Bugs and vulnerabilities that you can submit to Google:

3. bloggers.com

Bugs that you can submit to Google:

1. Cross-site scripting
2. Cross-site request forgery
3. Cross-site script inclusion
4. Flaws in authentication and authorization mechanisms
5. Server-side code execution or command injection bugs.

The following would lead to disqualification in the bug bounty program:

1. Attacks against Google corporate infrastructure
2. Social engineering and attacks on physical facilities
3. Brute-force denial of service bugs
4. SEO techniques
5. Vulnerabilities in non-web applications
6. Vulnerabilities in Google-branded services operated by third parties.

You can send your report to [email protected].


According to PayPal:

“To encourage responsible disclosure, we commit that – if we conclude that a disclosure respects and meets all the guidelines [outlined in the policy] – we will not bring a private action or refer a matter for a public inquiry.”

Bugs and vulnerabilities that you can submit to PayPal:

1. Cross-site scripting
2. Cross-site request forgery
3. SQL Injection
4. Authentication bypass.

To qualify you must:

1. Be the first one to report the previously unknown bug.
2. Make sure that it’s a PayPal website.
3. Not send PayPal your personal information in your report, and use a PGP key to encrypt your email.
4. If you are from a sanctioned country you will not be allowed to participate in this program.
5. eBay Inc. employees, contractors, and their immediate relatives are not allowed to participate in the program.

You can send your report to [email protected]

This is your chance to cash in on these amazing rewards. If you are a security researcher, then you are in for a big treat. Thank you for reading.
