Yahoo! RCE via Spring Engine SSTI

This is write up in which I’ll explain a vulnerability I recently found, and reported through Yahoo’s bug bounty program. In web application security testing, doing reconnaissance is an important part of finding potentially vulnerable web application assets, as you can discover subdomains, directories, and other assets, which could increase the surface of attack. First, […]

Read More Yahoo! RCE via Spring Engine SSTI