https://www.paypal.com/de/cgi-bin/searchscr?cmd=_sitewide-search Screenshot: http://picturepush.com/public/13144090 Unfortunately PayPal disqualified me from receiving any bounty payment because of being 17 years old... PayPal Site Security: "To be eligible for the Bug Bounty Program, you *must not*: ... Be less than 18 years of age.If PayPal discovers that a researcher does not meet any of the criteria above, PayPal will remove that researcher from the Bug Bounty Program and disqualify them from receiving any bounty payments." I don’t want to allege PayPal a kind of bug bounty cost saving, but it’s not the best idea when you're interested in motivated security researchers... Screen Shot proof of my emails
I also asked for an acknowledgement of my find, only a small PDF document, something that I can use in a job application! But they ignored my email and didn’t send a reply…
If PayPal had created a small vulnerability acknowledgement I wouldn’t have published anything!
Best regards, Robert Kugler