Yahoo! RCE via Spring Engine SSTI

This is write up in which I’ll explain a vulnerability I recently found, and reported through Yahoo’s bug bounty program. When testing the security of web applications, doing reconnaissance is an important part of finding potentially vulnerable web assets, as you can discover subdomains, directories, and other assets, that could increase the surface of attack. […]

Read More Yahoo! RCE via Spring Engine SSTI