6/10
bug-bounty
A bug bounty hunter discovered RCE by bypassing file upload restrictions through MIME type manipulation in a GET request, which was reflected in subsequent PUT requests, ultimately allowing PHP file upload via php5/php7 extensions when direct PHP upload was blocked.
rce
file-upload
mime-type-bypass
php-extension-bypass
stored-xss
same-origin-policy-bypass
http-put-request
web-application
bug-bounty
Meet Sodha
Smilehacker