Two Indian hackers won a reward of $22,267 for finding significant security bugs in Google Cloud Computing. The hackers who received this bug bounty are Sreeram KL and Sivanesh Ashok. Both took part in the Google Vulnerability Reward Program (VRP). They also described how they found and dealt with the bug in a blog post.
Indian Hackers Score This Bug Bounty of 18 Lakhs
Sivanesh took to Twitter and said, “@kl_sree and I found a bug in Google Cloud that allowed us to take over the victim’s compute engine VM.” That is how they won a bounty: by reporting various security bugs in Google Cloud Computing.
The hackers further stated in their blog post, “Since there was no random token or CSRF protection, anyone could craft a link and send it to a Compute Engine user to create a new user in their instance…making a victim open a malicious link would add the attacker’s username and SSH key into their computer.”
A bug bounty is a cash prize or other reward that companies give to those who find significant security flaws, bugs, or vulnerabilities. The Indian hackers scored a bounty of $22,267, around Rs. 18,00,000.
The duo received the bounty because they found some major security bugs in Google's cloud services, the Google Cloud Program Projects. One of the significant bounties, around $5000, was for finding an SSRF (Server Side Request Forgery) bug.
Server Side Request Forgery is the primary security flaw in which hackers tend to trick the victim into opening random malicious links, and thus hackers can take complete control of their Google Cloud Program Projects (GCP).
However, there is no need to worry about these bugs now. After the bugs were discovered, Google immediately released patches and secured its cloud services.
What Is the Google Vulnerability Reward Program?
In case you don’t know what Google's VRP is, it is a bug bounty program that allows users to receive rewards for finding various vulnerabilities and providing patches for these security flaws. But you have to stay within Google's guidelines if you want to receive a bounty.
So, are you also interested in finding bugs and getting rewards? If you have ever received a bug bounty, please let us know.