Faiyaz Ahmad
3 min readJun 12, 2022


Hi everyone, In this article I am going to show you how i got google’s hall of fame by finding security vulnerability in one of their acquisition. So, let’s get started!

Initial Reconnaissance

So I started hunting on Google around 2 months ago. The first thing that i did initially is that i gather whole list of acquisitions(companies that are owned by a parent company) of Google. After that, I started hunting on one of google’s domain (let’s say Now the web application which i was testing was heavily relying on Artificial Intelligence. In my mind, i was thinking “Hmmm, maybe I should look for vulnerabilities that developer’s often forget” and after few minutes i think of the infamous “PixieFlood” attack.

What is PixieFlood Attack?

In simple terms, it is a vulnerability in which an attacker uploads a malicious picture/image that contains too many pixel. This causes a DoS(Denial of Service)Attack when the server tries to handle the image. Now, let’s continue our story.

How to test for this vulnerability?

1- Download the image file from here.

2- Upload this image to the website you are testing on.

3- If the website’s server gets timed out, it means that the server is vulnerable.

Back to story:

So, the web application has an upload profile picture functionality that basically allows users to upload an image for their profile. I tried to upload the pixieflood image and to my surprise the server got timed out!!! I was like:

I immediately reported this vulnerability to Google and after few week, I got my name in the Google’s Hall of Fame:


So, that’s it for this article. I hope you all learnt something new. Some of the important takeaways of this article are:

1- Follow the road less traveled.

2- Never afraid to fail.

3- Always try out new things.

Check out some of these amazing articles to increase your bug bounty skills:

Want to learn Account Takeover? I got you😉

Increase your cybersecurity skills!

Let’s meet in some another article, Till then: