Task 1 of 4
How Knowing the Stack Turned a Recon Finding into $20,000
In 2021, a bug bounty hunter named @uraniumhacker was testing a major e-commerce platform. During recon, he noticed a response header: X-Powered-By: Struts 2.3.1. That version had a known remote code execution vulnerability — CVE-2017-5638, the same one used in the Equifax breach.
He confirmed the CVE applied, demonstrated code execution in a controlled way, and submitted the report. Payout: $20,000. Total time: under two hours. The entire win came from reading a single HTTP header.
WHAT FINGERPRINTING TELLS YOU
HTTP Headers
Server: nginx/1.18.0 → check nginx 1.18.0 CVEs. X-Powered-By: Express → Node.js stack.
Error pages
Stack traces reveal the framework, its version, file paths, and sometimes source code.
Cookie names
PHPSESSID = PHP. JSESSIONID = Java. _session = Rails. Instant stack identification.
JS file names
/static/js/react.development.js → React. /wp-content/ → WordPress version
Response timing
Some frameworks have fingerprintable response timing patterns.
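To see how much of this a single response gives away, the following added example (not part of the original lesson) audits one raw HTTP response for the header, cookie, and file-path signals listed above. The sample response is constructed, and the function name audit_response and the hint tables are assumptions that cover only a subset of the listed signals.

```python
import re
from email.parser import Parser

# Subset of the signals listed in the lesson (assumed tables, extend as needed).
COOKIE_HINTS = {"PHPSESSID": "PHP", "JSESSIONID": "Java"}
PATH_HINTS = {"/wp-content/": "WordPress", "react.development.js": "React"}
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

# Constructed sample response, not captured from any real site.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.18.0\r\n"
    "X-Powered-By: Express\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<script src="/static/js/react.development.js"></script>'
)

def audit_response(raw):
    """Return (source, value, note) tuples for each stack disclosure found."""
    raw = raw.replace("\r\n", "\n")
    head, _, body = raw.partition("\n\n")
    _status, _, header_block = head.partition("\n")
    msg = Parser().parsestr(header_block, headersonly=True)
    findings = []
    # Banner headers: a version number is worse than a bare product name.
    for name in ("Server", "X-Powered-By"):
        for value in msg.get_all(name, []):
            m = VERSION_RE.search(value)
            note = f"exact version {m.group()} exposed" if m else "product name exposed"
            findings.append((name, value, note))
    # Default session cookie names identify the platform.
    for cookie in msg.get_all("Set-Cookie", []):
        cname = cookie.split("=", 1)[0].strip()
        if cname in COOKIE_HINTS:
            findings.append(("cookie", cname, f"default name implies {COOKIE_HINTS[cname]}"))
    # Well-known asset paths in the body identify the front-end stack or CMS.
    for marker, tech in PATH_HINTS.items():
        if marker in body:
            findings.append(("body", marker, f"path implies {tech}"))
    return findings

if __name__ == "__main__":
    for source, value, note in audit_response(SAMPLE):
        print(f"{source:13} {value:24} {note}")
```

Run it against responses from your own application: every finding is a detail worth removing or genericizing, and a version-bearing banner also tells you which component to check against published CVEs first.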
1. Why did identifying the framework version (Struts 2.3.1) lead directly to a $20,000 payout?