Pwnie Awards 2017

The 2010 Pwnie Award For Best Server-Side Bug

CVE-2010-1870

Meder Kydyraliev

Do you use the Struts2 framework in your enterprise web application? Meder Kydyraliev discovered that an single HTTP request with just five special parameters is enough to execute arbitrary Java code on the webserver. Meder gets bonus points for having to track down developers on IRC to get the vulnerability fixed after receiving no response from [email protected]