How I Accidentally Became the Sherlock Holmes of RCE! and made $$$

The author decided to play detective and hunt for vulnerabilities online, leading to the discovery of a Remote Code Execution (RCE) vulnerability in a well-known enterprise app.
They used a variety of tools including Subfinder, Amass, Nuclei, Burp Suite and Wappalyzer to investigate the application.
The author discovered an endpoint entitled /mgmt/tm/util/bash, which resembled a familiar vulnerability for F5 BIG-IP unauthenticated RCE.
Using their Nuclei scanner, they were able to successfully exploit the vulnerability and gain command execution.
The author suggests that detective work, combined with familiarity with existing vulnerabilities and tools for investigation can lead to successful bug bounty hunting.
This particular discovery resulted in a financial reward for the author.

Fast Feed