PayPal Shafts Teenager Out of Bug-Bounty Reward
Robert Kugler, a 17-year-old German student, claims he notified PayPal of the vulnerability in question on May 19, to which he received an email response indicating that since he's not 18 years old, he doesn't quality for PayPal's Bug Bounty Program, PCWorld reports.
One of PayPal's requirements is that bounty hunters have a verified PayPal account, which is how they're compensated. Kugler, who turns 18 years old next March, asked if PayPal could issue the reward to his parents' account. Failing that, he'd at least like to have some kind of written statement acknowledging his contribution so that he can list it on his resume when applying for jobs. He's yet to hear back from PayPal, though given the media attention this is receiving, it'd be surprising if the eBay-owned site held firm on its stance.
The bug Kugler discovered has to do with a Cross-Stie Scripting (XSS) vulnerability.