How I hacked Google’s bug tracking system itself for $15,600 in bounties
Easy Bugs for Hard Cash
Have you ever heard of the Google Issue Tracker? Probably not, unless you’re a Google employee or a developer who recently reported bugs in Google tools. And neither had I, until I noticed my vulnerability reports were now being handled by opening a new thread there, in addition to the usual email notifications.
So I immediately started trying to break it.