How I Got $3133.70 From Google

dimasaprilian993
2 min read · Mar 25, 2021


Hi all, I hope you are all well. Here I want to share about my first big bounty from Google. I'm really lucky to have found it because I'm just a beginner.

I learned bug bounty for more than a year. At first I just watched my friend apapedulimu.click doing something I didn't understand, and after several months I became interested in doing that (bug bounty), and then I learned.

Now, how did I find a bug on Google…

First I just looked around Google subdomains like tagmanager.google.com, business.google.com and others. I tried to find vulnerabilities like broken authentication, XSS and others, but I wasn't lucky and couldn't find anything. I was so sad and tired, and after three days of trying to find a vulnerability with nothing found, I stopped and switched to reading many references.

Then I came back. I went again to many Google subdomains and tried to find blind XSS. My stupid idea was to always insert an XSS Hunter payload on many Google subdomains, "like places where you can make a request to a service" or a help request.

After a few hours I felt so tired and went to sleep, and in the morning, oh God, I got a surprise in my Gmail. I got a notification from XSS Hunter that my payload was executed on https://sfstory.googleplex.com. I checked my XSS Hunter and got this.

I was so happy, really happy, but I forgot where I inserted the payload. I tried to remember but I couldn't, because I inserted the payload on many subdomains.

I couldn't remember, so I reported what I found to the issue tracker and told them that I found a blind XSS on https://sfstory.googleplex.com.

I can't believe it, I'm so happy, so lucky.

They gave me $3133.70. Really, thanks.

Timeline

  • 4 May: Reported the issue
  • 4 May: Staff asked for the DOM from my XSS Hunter
  • 4 May: I sent the DOM
  • 4 May: Nice catch
  • 6 May: Bounty $3133.70

Really, thanks to all the bug hunter community, I learned much from you all.
