bug-bounty
A bug bounty researcher discovered RCE on an abandoned staging web service via an unauthenticated PUT HTTP method that allowed arbitrary file uploads, enabling PHP web shell deployment and subsequent internal network traversal with privilege escalation through credential reuse and weak security practices.
rce
remote-code-execution
http-put-method
web-shell
reverse-shell
unauthenticated-access
file-upload
http-methods
internal-network-traversal
privilege-escalation
network-reconnaissance
subdomain-enumeration
port-scanning
php-webshell
credential-reuse
ssh-access
hash-cracking
vpn-certificate
staging-environment
nmap
ncat
netcat
PHP
Python
SSH
RDP
SMB
DNS zone transfer
A vulnerability in Instagram's account reactivation process allowed attackers to reactivate deactivated accounts using only credentials, bypassing two-factor authentication that should have been required. The issue was fixed by Instagram after being reported through their bug bounty program, resulting in a $500 bounty award.
2fa-bypass
authentication-bypass
account-takeover
business-logic-flaw
instagram
credential-reuse
account-reactivation
Instagram
Facebook
Aman Shahid
HackerOne