A UK researcher hacked his way through the public websites of the US Department of Defense and several major commercial organizations via some not-so-visible weaknesses and vulnerabilities, netting him a grand total of $30,000 in bug bounty rewards. James Kettle, head of research at PortSwigger Web Security, used homegrown hacking tools to find holes in certain public websites and then sent payloads of malformed Web requests and phony headers to those sites in order to work his way into the backend servers and, in some cases, gain access to the internal network of the organization.
Read the full news article on Dark Reading.