5/10
Researcher discovered a deserialization vulnerability in a JSF-based web application by identifying unencrypted serialized Java objects in the javax.faces.ViewState parameter, leading to remote code execution via JMX console exploitation and a $1500 bounty reward.
deserialization
java-serialization
jsf-viewstate
rce
remote-code-execution
jexboss
jmx-console
base64-encoding
bug-bounty
java-security
web-vulnerability
Ashish Kunwar
Jexboss
BugCrowd
Prototype 1.6.1
JBoss
JSF
MyFaces