My first Google HOF

RV Sharma
3 min readDec 31, 2021


Whoever starts learning about bug hunting, their dream is to get a bounty and HOF from Google. I too got successful in June 2021 when I found a vulnerability in a Google product Dialogflow.

What is Dialogflow?

Dialogflow is a natural language understanding platform that makes it easy to design and integrate a conversational user interface into your mobile app, web application, device, bot, interactive voice response system, and so on. Using Dialogflow, you can provide new and engaging ways for users to interact with your product.

Dialogflow can analyze multiple types of input from your customers, including text or audio inputs (like from a phone or voice recording). It can also respond to your customers in a couple of ways, either through text or with synthetic speech. read more about it here.

I have created many google actions using Dialogflow such as
PU Help
Food Guru etc
It is a very good and easy tool to develop voice assistants and we all know about the booming voice industry.

What was the vulnerability?

One day, I was using the feature of Roles in the Dialogflow. There are 3 roles in the Dialogflow
Admin: creator of the action, has full access
Developer: read-write access
Reviewer: only read access

Granting roles to users

I granted the reviewer role to a user and started using all the features of Dialogflow to see what a Reviewer role user can or can't do. I moved to Training tab where a Reviewer role user was able to modify the Training phrases, Add training phrases to the intent, delete conversations, Change Intent matching through the Training Tab.

Training Tab

It was a serious issue as according to the documentation the Reviewer role user cannot modify the Agentbut I was able to do it.

Impact of the Vulnerability

This has a huge impact as a Reviewer can degrade the whole Dialogflow project by changing the Intent matching, Training phrases, Delete conversations from History Tab. Conversations are essential for a Project Team to analyse data and improve the Agent

It becomes very easy for an Attacker to degrade the project by using the agent on any device such as a mobile phone. All these conversations will be available in the Training Tab and then he can change intent matching, add training phrases etc.

As the Reviewer can view all the training phrases from Intent Tab, he can add all those training phrases to another Intent using this scenario.

This can greatly affect the Agent as it will give wrong responses to users.

google HoF
Google reward

I reported this bug in June 2021 and got the award of $1337 in September 2021. It was a great feeling when I saw the mail with the reward amount. This is my first 4 digit bounty too.

Advice to beginners.

1 Choose one Target
2 Spend time on that(> 1 month)
3 Read Documentation many time