Rathers than defacing a website or any harm, you have sumbit bug to website's admin and you'll Get reward for it. Take a Look of Vulnerability reporting Programs & Thier rewards !
in Google Vulnerability reward program you can sumbit Vulnerabilities and Bugs on
- .google.com
- .youtube.com
- .blogger.com
- .orkut.com
and subdomains of these websites, Like mail.google.com, sandbox.orkut.com etc !
you can report these Vulnerabilities on Google
- Cross-site scripting
- Cross-site request forgery
- Cross-site script inclusion
- Flaws in authentication and authorization mechanisms
- Server-side code execution or command injection bugs.
| accounts.google.com | Other highly sensitive services [1] | Normal Google applications | Non-integrated acquisitions and other lower priority sites [2] | |
|---|---|---|---|---|
| Remote code execution | $20,000 | $20,000 | $20,000 | $5,000 |
| SQL injection or equivalent | $10,000 | $10,000 | $10,000 | $5,000 |
| Significant authentication bypass or information leak | $10,000 | $5,000 | $1,337 | $500 |
| Typical XSS | $3,133.7 | $1,337 | $500 | $100 |
| XSRF, XSSI, and other common web flaws |
$500 - $3,133.7
(depending on impact)
|
$500 - $1,337
(depending on impact) | $500 | $100 |
2.Reporting Vuln to facebook!
You can sumbit these bugs to facebook
- ross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF/XSRF)
- Remote Code Injection
- Broken Authentication (including Facebook OAuth bugs)
- Circumvention of our Platform permission model
- A bug that allows the viewing of private user data
Rewards :
you'll get $500 USD for reporting a Bug, it may increase the reward for specific bugs
Note : you can't sumbit bugs on apps.facebook.com
to sumbit your vulnerablity report goto http://www.facebook.com/whitehat/report/
That all credit to Deviluniverse
