Rafay Baloch, an independent security researcher from Karachi, has been rewarded with $10,000 for reporting a remote command execution bug in PayPal’s website.
According to details, PayPal had announced the reward as an initiative for researchers who report the existence of a bug that leads to remote command execution, Technology Times reported.
Rafay Baloch explained that the bug he had reported was critical in nature and carried a high amount of risk to PayPal, as an attacker could have easily managed to execute any command on the server and manipulate the data at will.
He said that he had been paid $500 for an XSS vulnerability that he found on PayPal’s main domain and, in addition, $500 for an information disclosure. Rafay has reported 20 bugs which are still being validated by PayPal.
According to him, PayPal has also offered him a job. However, he said that he has not yet decided on this, mainly due to his studies.
It should be mentioned that Rafay has also previously been acknowledged by Microsoft, ESET and eBay for reporting bugs and flaws in their systems.