Black & White Path
Jul 8, 2026 · Information Security
How I Earned $23,000 by Exploiting JWT Realm and File Overwrite Vulnerabilities
The article details a step‑by‑step exploitation chain against a site using JWT authentication and an upload endpoint, showing how modifying the JWT realm, removing the Bearer keyword, and abusing Amazon S3/CloudFront default settings enabled arbitrary file overwrite and yielded a total $23,000 bounty.
Authorization HeaderBug BountyCloudFront
0 likes · 7 min read
