bug-bounty484
google314
xss279
microsoft259
facebook219
rce172
apple153
exploit142
malware107
bragging-post102
account-takeover100
cve89
csrf84
privilege-escalation80
authentication-bypass66
stored-xss65
writeup62
phishing57
reflected-xss57
browser55
react54
dos53
ssrf52
access-control50
input-validation49
cloudflare49
cross-site-scripting48
supply-chain47
node47
aws46
docker46
sql-injection45
smart-contract45
ethereum44
web-security43
oauth43
web-application43
defi43
web340
reverse-engineering39
lfi37
burp-suite36
idor36
vulnerability-disclosure35
html-injection33
race-condition33
csp-bypass32
smart-contract-vulnerability32
clickjacking31
information-disclosure30
0
5/10
bug-bounty
Researcher found three vulnerabilities at Yahoo's Brightroll service: two RCEs via JSON injection in a message queue system (bypassing command filters using Unicode escapes), and an SSRF vulnerability in image resizing that allowed arbitrary file reads via curl flag injection. The third vulnerability was nearly an RCE but limited to file disclosure without execution.
rce
remote-code-execution
command-injection
ssrf
server-side-request-forgery
json-injection
curl-exploitation
bug-bounty
reconnaissance
brightroll
yahoo
file-disclosure
filter-bypass
bragging-post
Yahoo
Kedrisec
Brightroll
RabbitMQ
Aquatone
Google
AWS