bug-bounty424
xss286
google262
microsoft220
facebook194
apple141
rce139
malware103
exploit101
account-takeover93
bragging-post92
cve79
csrf76
authentication-bypass67
privilege-escalation62
access-control53
phishing49
dos49
defi48
smart-contract47
supply-chain46
writeup46
browser45
ethereum44
ssrf44
cloudflare44
open-source43
sql-injection41
stored-xss39
web339
aws37
web-security36
input-validation36
docker36
reverse-engineering35
ai-agents35
react34
api-security34
oauth33
smart-contract-vulnerability33
idor31
information-disclosure31
race-condition30
burp-suite30
node30
cross-site-scripting29
denial-of-service29
reflected-xss28
web-application27
clickjacking26
0
6/10
bug-bounty
Researcher discovered RCE via exposed Rails secret token leaked through Rack's ShowExceptions error page enabled on production. By fuzzing the filename parameter with %0d to trigger an exception, they obtained the secret_token used to sign cookies, which they then exploited to achieve remote code execution across two in-scope assets.
rce
remote-code-execution
rails
rack
showexceptions
secret-token
cookie-signing
information-disclosure
exception-handling
bug-bounty
Rack
Rails
ShowExceptions
action_dispatch.secret_token