Suppose that there exists a DDOS attack vulnerability in Google.com. Now as a rule for bug bounty, we need to exploit the particular vulnerability with proof and then send to Google for our claim. So do i need to DDOS Google.com in responce of my claim for the vulnerability? Or just send my detailed report on this to them?
@D4rkhunt3r Most every Bug Bounty has guidelines that need to be followed. If it is not clear enough contact the company and ask before you do it.
As @MoNsTeR said, if you don’t understand certain things , you should contact the company. But,regarding the “should I DDOS google for a poc” , I don’t think that’s advised (I could be wrong) .You can find many guidelines/bug bounty programs here : https://www.bugcrowd.com/bug-bounty-list/
usually all bug bounties say that they forbid ddos, and if you find a vulnerability that could cause a denial of service they ask you to report it, and that could be considered a bug
@alcg101 thank you for your answer. It help me lot.
Thanks for all the answers everyone. I’m gonna go ahead and close this topic.