My first Google HOF

Whoever starts learning about bug hunting, their dream is to get a bounty and HOF from Google. I too got successful in June 2021 when I found a vulnerability in a Google product Dialogflow.

What is Dialogflow?

Dialogflow is a natural language understanding platform that makes it easy to design and integrate a conversational user interface into your mobile app, web application, device, bot, interactive voice response system, and so on. Using Dialogflow, you can provide new and engaging ways for users to interact with your product.

Dialogflow can analyze multiple types of input from your customers, including text or audio inputs (like from a phone or voice recording). It can also respond to your customers in a couple of ways, either through text or with synthetic speech. read more about it here.

I have created many google actions using Dialogflow such as
PU Help
Food Guru etc
It is a very good and easy tool to develop voice assistants and we all know about the booming voice industry.

What was the vulnerability?

One day, I was using the feature of Roles in the Dialogflow. There are 3 roles in the Dialogflow
Admin: creator of the action, has full access
Developer: read-write access
Reviewer: only read access

Granting roles to users

I granted the reviewer role to a user and started using all the features of Dialogflow to see what a Reviewer role user can or can't do. I moved to Training tab where a Reviewer role user was able to modify the Training phrases, Add training phrases to the intent, delete conversations, Change Intent matching through the Training Tab.

Training Tab

It was a serious issue as according to the documentation the Reviewer role user cannot modify the Agentbut I was able to do it.

Impact of the Vulnerability

This has a huge impact as a Reviewer can degrade the whole Dialogflow project by changing the Intent matching, Training phrases, Delete conversations from History Tab. Conversations are essential for a Project Team to analyse data and improve the Agent

It becomes very easy for an Attacker to degrade the project by using the agent on any device such as a mobile phone. All these conversations will be available in the Training Tab and then he can change intent matching, add training phrases etc.

As the Reviewer can view all the training phrases from Intent Tab, he can add all those training phrases to another Intent using this scenario.

This can greatly affect the Agent as it will give wrong responses to users.

google HoF
Google reward

I reported this bug in June 2021 and got the award of $1337 in September 2021. It was a great feeling when I saw the mail with the reward amount. This is my first 4 digit bounty too.

Advice to beginners.

1 Choose one Target
2 Spend time on that(> 1 month)
3 Read Documentation many time




A nature lover, loves to travel

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium


Cost to build an app like Udemy / Lynda clone

Raspberry Pi and Dht11 humidity Sensor

snprintf vs Lagerdata

Cellular Automata: Building the Game of Life

Java 16 is out and you’re stuck with Java6 ? here is what you’re missing out

CH.1 The Challenge: getting started

How to Speed Up WordPress Website Load Time

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
RV Sharma

RV Sharma

A nature lover, loves to travel

More from Medium

How We “Forced” Our Client To Fix A Low Severity Security Bug And Still Got Appreciated!

How I Made The BBC Hall Of Fame 3 Times

IDOR vulnerability on invoice and weak password reset leads to account take over

Bypassing CSRF token protection by abusing a misconfigured CORS policy