6/10
bug-bounty
Researcher bypassed WAF protections against Apache Struts CVE-2013-2251 by embedding OGNL RCE payloads within a legitimate redirect parameter, then escalated from remote code execution to root shell via SSH key manipulation and kernel CVE-2013-2094 exploitation.
cve-2013-2251
apache-struts
rce
remote-code-execution
firewall-bypass
ognl-injection
privilege-escalation
reverse-ssh
kernel-exploit
cve-2013-2094
java-web-application
bragging-post
CVE-2013-2251
CVE-2013-2094
Apache Struts
Avinash Jain
Kunal Aggarwal