Blind SQL Injection in PayPal Notifications
On 28th December 2012 I found a Blind SQL Injection vulnerability in the Paypal Notifications (https://www.paypal-notify.com)
This bug allowed me to access the database of Paypal Notifications system. More details on Blind SQL Injection can be read here
As a part of Paypal Bug Bounty Program, I did a responsible disclosure of the bug to Paypal Security Team and the issue was addressed immediately, just the next day after my bug report due to its high severity.
I'm very thankful to Paypal Site Security Team for the reward and Shai Rod for additional help.