bug-bounty 458
google 364
microsoft 314
facebook 272
xss 250
apple 179
malware 176
rce 165
exploit 141
cve 111
account-takeover 104
bragging-post 101
phishing 84
privilege-escalation 81
csrf 81
supply-chain 68
stored-xss 65
authentication-bypass 63
dos 63
browser 62
reflected-xss 57
react 54
cloudflare 51
reverse-engineering 49
cross-site-scripting 48
input-validation 48
aws 48
docker 47
node 47
access-control 47
smart-contract 45
web3 43
ethereum 43
sql-injection 43
web-security 42
ssrf 42
defi 42
web-application 41
oauth 37
writeup 37
race-condition 36
burp-suite 35
vulnerability-disclosure 34
info-disclosure 34
idor 34
html-injection 33
cloud 33
auth-bypass 33
lfi 32
smart-contract-vulnerability 32
0
8/10
bug-bounty
A bug bounty hunter discovered unauthenticated Remote Code Execution via an HTTP PUT method on a staging web service running on a non-standard port, enabling file upload of a PHP web shell. The RCE was leveraged to gain a reverse shell, traverse the internal network using discovered zone transfer files, and achieve lateral movement to other systems using weak credentials embedded in system files.
remote-code-execution
http-put-method
web-shell
reverse-shell
unauthenticated-access
subdomain-enumeration
port-scanning
internal-network-traversal
credential-stuffing
zone-transfer
php-web-shell
netcat
nmap
bash-shell
privilege-escalation
lateral-movement
bug-bounty-writeup
nmap
netcat
ncat
OPTIONS
PUT
phpinfo
0
7/10
bug-bounty
A researcher chained a self-XSS vulnerability with SMTP email injection to achieve stored XSS: malformed emails crafted via netcat create new clients with XSS payloads in email fields, and the payloads trigger when employees access client management pages.
stored-xss
self-xss
xss-chaining
smtp-injection
email-injection
netcat
crm
html-injection
client-management
spf-bypass
Plenum
Mailgun
Medium