bug-bounty 458
google 364
microsoft 314
facebook 272
xss 250
apple 179
malware 176
rce 165
exploit 141
cve 111
account-takeover 104
bragging-post 101
phishing 84
privilege-escalation 81
csrf 81
supply-chain 68
stored-xss 65
authentication-bypass 63
dos 63
browser 62
reflected-xss 57
react 54
cloudflare 51
reverse-engineering 49
cross-site-scripting 48
input-validation 48
aws 48
docker 47
node 47
access-control 47
smart-contract 45
web3 43
ethereum 43
sql-injection 43
web-security 42
ssrf 42
defi 42
web-application 41
oauth 37
writeup 37
race-condition 36
burp-suite 35
vulnerability-disclosure 34
info-disclosure 34
idor 34
html-injection 33
cloud 33
auth-bypass 33
lfi 32
smart-contract-vulnerability 32
0
8/10
bug-bounty
A bug bounty hunter discovered unauthenticated Remote Code Execution via an HTTP PUT method on a staging web service running on a non-standard port, enabling file upload of a PHP web shell. The RCE was leveraged to gain a reverse shell, traverse the internal network using discovered zone transfer files, and achieve lateral movement to other systems using weak credentials embedded in system files.
remote-code-execution
http-put-method
web-shell
reverse-shell
unauthenticated-access
subdomain-enumeration
port-scanning
internal-network-traversal
credential-stuffing
zone-transfer
php-web-shell
netcat
nmap
bash-shell
privilege-escalation
lateral-movement
bug-bounty-writeup
nmap
netcat
ncat
OPTIONS
PUT
phpinfo
0
5/10
A writeup demonstrating how to escalate a banner grabbing reconnaissance finding into critical vulnerabilities (DoS and memory corruption) on IIS servers using MS15-034 (CVE-2015-1635), exploitable via HTTP Range headers and Metasploit modules.
banner-grabbing
dos
memory-corruption
iis
cve-2015-1635
http-range-header
metasploit
penetration-testing
vulnerability-chaining
nmap
curl
MS15-034
CVE-2015-1635
Daniel Morais
IIS
Metasploit