5/10
bug-bounty
A researcher exploited CVE-2017-5638 (Apache Struts2 RCE) in a Yahoo application by discovering a vulnerable .do endpoint and bypassing the WAF with a specially crafted Content-Type header payload, earning a $5,500 bounty from Yahoo through HackerOne.
remote-code-execution
cve-2017-5638
apache-struts2
waf-bypass
bug-bounty
bragging-post
content-type-header
exploitation
recon
CVE-2017-5638
Apache Struts2
Yahoo
Selligent Messages Studio
HackerOne
Th3G3nt3lman