STAFF REPORT KHI: Rafay Baloch, an independent security researcher from Karachi, has been rewarded with $5,000 for reporting a remote command execution bug in the PayPals website.
According to details, the PayPal had announced that this reward initiative for those researchers who would report about the existence of a bug and its subsequent remote command execution.
Rafay Baloch explained that the bug he had reported was very critical in nature and carried a high amount of risk to the PayPal as an attacker could have easily managed to execute any command on the server and manipulate the data at his will.
He said that he had been paid $500 for an XSS vulnerability that he found on Paypals main domain, in addition to $500 for an information disclosure. Rafay has reported 20 bugs which are still being validated by PayPal.
According to him, PayPal has offered him job in lately. However, he said that he has not decided in this regard mainly due to his continued studies.
It is to be mentioned here that Rafay has earlier been acknowledged by Microsoft, ESET and eBay for reporting bugs and flaws in their systems.