Security researcher has earned a $5000 bounty from Google

A security researcher was examining Google services in search of something worth a bounty when he found a bug that earned him $5,000.

He came across “” which is a simple login page that seems to be for Google employees.

He said that every time the page is reloaded, a new image from “” is loaded directly into the page.

An example of an image URL is: “”

After many tries, he was able to get the default Google 404 error, but with one difference, by going to the following URL:

A feature called “Re-run query with SFFE debug trace” pointed to:

The debugging page contained various pieces of information, including the server name and internal IP, X-FrontEnd (XFE) HTTP requests, service policies, and other information related to Cloud Bigtable.

The issue was reported to Google on January 19, and a permanent fix was rolled out on March 16. Google rewarded the researcher $5,000 for this bug, which is the maximum bounty for an information disclosure bug. Google has paid out more than $9 million since the start of its bug bounty program in 2010; the highest single reward in 2016 was $100,000.

