WOW! Paypal Sends Me 5000$ For A Command Execution Vulnerability


Update: 5000$ was the initial payment, Paypal payed another 5000$ which makes the total bug bounty of 10,000$ for the command execution vulnerability - 

PayPal Pays Me A Total Bounty Of 10,000 For The Command Execution Bug


Today when i logged into my Gmail account, I saw Paypal sent me 5000$  for my command execution bug i reported on one of it's subdomains, That's constituted a huge risk to the organization, since an attacker could have easily managed to execute any command on the server. Therefore the bug was extremely critical, however Paypal took more than 2 months to sort it out.
I cannot write more about the vulnerability per the terms of the bug bounty program.
Along with the command execution vulnerability, i was paid 500$ for an XSS vulnerability that i found on Paypal main domain, further more i was also paid for an information disclosure. So in total they sent me an amount of 6000$.

More than 20 of my bugs are still being validated by paypal.




Last week, i was offered by Paypal for a job as a Senior Pentester A.K.A SecurityNinja. kindly look at the screen shot below: