5/10
bug-bounty
Researcher exploited CVE-2017-5638 (Apache Struts2 RCE) in a Yahoo application by discovering a vulnerable .do endpoint and bypassing the WAF using a specially crafted Content-Type header payload, earning a $5,500 bounty from Yahoo through HackerOne.
remote-code-execution
cve-2017-5638
apache-struts2
waf-bypass
bug-bounty
bragging-post
content-type-header
exploitation
recon
CVE-2017-5638
Apache Struts2
Yahoo
Selligent Messages Studio
HackerOne
Th3G3nt3lman