Awesome-Bugbounty-Writeups
A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
Top Related Projects
A list of resources for those interested in getting started in bug bounties
A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
A list of interesting payloads, tips and tricks for bug bounty hunters.
Ressources for bug bounty hunting
A collection of various awesome lists for hackers, pentesters and security researchers
Quick Overview
The "Awesome-Bugbounty-Writeups" repository is a curated list of bug bounty writeups, organized by different vulnerability types and platforms. It serves as a comprehensive resource for security researchers, bug bounty hunters, and anyone interested in learning about real-world security vulnerabilities and how they were discovered and exploited.
Pros
- Extensive collection of high-quality bug bounty writeups from various sources
- Well-organized structure, categorized by vulnerability types and platforms
- Regularly updated with new writeups and resources
- Valuable learning resource for both beginners and experienced security researchers
Cons
- Some links may become outdated or broken over time
- Quality of writeups can vary, as they come from different authors
- May not cover all possible vulnerability types or platforms
- Requires basic understanding of security concepts to fully benefit from the content
As this is not a code library, we'll skip the code examples and getting started instructions sections.
Competitor Comparisons
A list of resources for those interested in getting started in bug bounties
Pros of Resources-for-Beginner-Bug-Bounty-Hunters
- More comprehensive resource covering various aspects of bug bounty hunting
- Includes learning paths and methodologies for beginners
- Offers a wider range of content types (videos, courses, tools)
Cons of Resources-for-Beginner-Bug-Bounty-Hunters
- Less focused on specific bug bounty writeups
- May be overwhelming for absolute beginners due to the amount of information
- Requires more time to navigate and find relevant resources
Code Comparison
Not applicable for these repositories as they are primarily curated lists of resources and don't contain significant code samples.
Summary
Resources-for-Beginner-Bug-Bounty-Hunters is a more comprehensive guide for those starting in bug bounty hunting, offering a wide range of resources and learning paths. It's ideal for beginners who want a structured approach to learning.
Awesome-Bugbounty-Writeups focuses specifically on bug bounty writeups, making it more suitable for those looking to learn from real-world examples and case studies. It's better for intermediate hunters or those who prefer learning through practical examples.
Both repositories serve different purposes and can be complementary in a bug bounty hunter's learning journey. Resources-for-Beginner-Bug-Bounty-Hunters provides a broader foundation, while Awesome-Bugbounty-Writeups offers more specific, practical insights through writeups.
A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
Pros of awesome-bug-bounty
- More comprehensive list of resources, including platforms, tools, and educational materials
- Better organized with clear categories and subcategories
- Regularly updated with new content and contributions
Cons of awesome-bug-bounty
- Lacks specific writeups and case studies of real-world bug bounty reports
- Less focused on practical examples and learning from actual vulnerabilities
- May be overwhelming for beginners due to the sheer volume of information
Code Comparison
While both repositories are primarily curated lists of resources, they don't contain significant code snippets. However, here's a comparison of their README structures:
awesome-bug-bounty:
# awesome-bug-bounty
A comprehensive curated list of Bug Bounty Programs and write-ups.
## Table of Contents
- [Getting Started](#getting-started)
- [Bug Bounty Platforms](#bug-bounty-platforms)
- [Tools](#tools)
Awesome-Bugbounty-Writeups:
# Awesome Bugbounty Writeups
A curated list of bugbounty writeups.
## Contributing
Your contributions are always welcome!
The awesome-bug-bounty repository has a more structured and detailed README, while Awesome-Bugbounty-Writeups focuses primarily on the list of writeups.
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
Pros of bug-bounty-reference
- More comprehensive categorization of vulnerabilities and attack vectors
- Includes a section on tools and resources for bug bounty hunting
- Regularly updated with new content and references
Cons of bug-bounty-reference
- Less focus on specific writeups and real-world examples
- Navigation can be more challenging due to the extensive list of links
- Lacks a curated selection of high-quality or notable reports
Code comparison
While both repositories primarily consist of markdown files with lists of links and resources, bug-bounty-reference includes a simple HTML file for better navigation:
<!-- bug-bounty-reference -->
<h3>
<a id="user-content-cross-site-scripting-xss" class="anchor" href="#cross-site-scripting-xss" aria-hidden="true"><span class="octicon octicon-link"></span></a>Cross-Site Scripting (XSS)</h3>
Awesome-Bugbounty-Writeups uses a more straightforward markdown approach:
## Cross-Site Scripting (XSS)
- [XSS on Google Search - Sanitizing HTML in The Client?](https://www.youtube.com/watch?v=lG7U3fuNw3A) - LiveOverflow
- [XSS on Google Search - Efficiently finding XSS](https://www.youtube.com/watch?v=t5fB6OZsR6c) - LiveOverflow
Both repositories serve as valuable resources for bug bounty hunters, with bug-bounty-reference offering a more comprehensive reference guide and Awesome-Bugbounty-Writeups focusing on curated writeups and real-world examples.
A list of interesting payloads, tips and tricks for bug bounty hunters.
Pros of bugbounty-cheatsheet
- More concise and focused on specific techniques and payloads
- Organized by vulnerability type, making it easier to find relevant information quickly
- Includes practical examples and code snippets for immediate use
Cons of bugbounty-cheatsheet
- Less comprehensive in terms of overall bug bounty knowledge and resources
- Lacks detailed explanations and context for each vulnerability or technique
- May not be as suitable for beginners who need more in-depth information
Code Comparison
bugbounty-cheatsheet:
# CRLF injection
%0ASet-Cookie:csrf_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
%0D%0ASet-Cookie:csrf_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
%0DSet-Cookie:csrf_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
Awesome-Bugbounty-Writeups:
No direct code snippets available in the repository.
The focus is on curating and organizing writeups rather than providing code examples.
Both repositories serve different purposes in the bug bounty community. bugbounty-cheatsheet is a quick reference guide for specific techniques, while Awesome-Bugbounty-Writeups is a comprehensive collection of detailed writeups and resources. The choice between them depends on the user's needs and experience level in bug bounty hunting.
Ressources for bug bounty hunting
Pros of Bug-bounty
- More focused on practical tools and resources for bug bounty hunting
- Includes a section on bug bounty platforms and programs
- Provides links to useful browser extensions for bug hunters
Cons of Bug-bounty
- Less comprehensive collection of writeups compared to Awesome-Bugbounty-Writeups
- Not as frequently updated or maintained
- Lacks categorization by vulnerability types or specific technologies
Code Comparison
While both repositories primarily consist of curated lists and links, Bug-bounty includes some code snippets for useful commands. Here's an example from Bug-bounty:
# Find subdomains using subfinder
subfinder -d example.com -o subdomains.txt
# Run nuclei on discovered subdomains
cat subdomains.txt | nuclei -t nuclei-templates
Awesome-Bugbounty-Writeups doesn't include code snippets, focusing instead on organizing and categorizing writeups and resources.
Summary
Bug-bounty offers a more practical approach with tools and resources for active bug hunters, while Awesome-Bugbounty-Writeups provides a more extensive collection of writeups for learning and reference. The choice between the two depends on whether you're looking for hands-on tools or a comprehensive library of past vulnerabilities and their explanations.
A collection of various awesome lists for hackers, pentesters and security researchers
Pros of Awesome-Hacking
- Broader scope covering various hacking topics beyond just bug bounties
- More extensive collection of resources and tools
- Regularly updated with new content and categories
Cons of Awesome-Hacking
- Less focused on specific bug bounty writeups and case studies
- May be overwhelming for beginners due to the vast amount of information
- Lacks detailed explanations or summaries for each resource
Code Comparison
While both repositories are primarily curated lists of resources, they don't contain significant code samples. However, here's a comparison of their README structures:
Awesome-Bugbounty-Writeups:
## Table of Contents
- [Recon](#recon)
- [SQL Injection](#sql-injection)
- [XSS](#xss)
...
Awesome-Hacking:
### Contents
- [Awesome Hacking](#awesome-hacking)
- [Computer](#computer)
- [Network](#network)
- [Reverse Engineering](#reverse-engineering)
...
Both repositories use similar Markdown structures for organizing their content, but Awesome-Hacking has a more detailed and hierarchical organization due to its broader scope.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
Contents
- Cross Site Scripting (XSS)
- Cross Site Request Forgery (CSRF)
- Clickjacking (UI Redressing Attack)
- Local File Inclusion (LFI)
- Subdomain Takeover
- Denial of Service (DOS)
- Authentication Bypass
- SQL injection
- Insecure Direct Object Reference (IDOR)
- 2FA Related issues
- CORS Related issues
- Server Side Request Forgery (SSRF)
- Race Condition
- Remote Code Execution (RCE)
- Android Pentesting
- Contributing
- Maintainers
Cross Site Scripting (XSS)
- From P5 to P2 to 100 BXSS
- Google Acquisition XSS (Apigee)
- XSS on Microsoft.com via Angular Js template injection
- Researching Polymorphic Images for XSS on Google Scholar
- Netflix Party Simple XSS
- Stored XSS in google nest
- Self XSS to persistent XSS on login portal
- Universal XSS affecting Firefox
- XSS WAF Character limitation bypass like a boss
- Self XSS to Account Takeover
- Reflected XSS on Microsoft subdomains
- The tricky XSS
- Reflected XSS in AT&T
- XSS on Google using Acunetix
- Exploiting websocket application wide XSS
- Reflected XSS with HTTP Smuggling
- XSS on Facebook instagram CDN server bypassing signature protection
- XSS on Facebook's Acquisition Oculus
- XSS on sony Subdomain
- Exploiting Self XSS
- Effortlessly Finding Cross Site Scripting inclusion XSSI
- Bugbounty a DOM XSS
- Blind XSS : a mind Game
- FireFox IOS QR code reader XSS(CVE-2019-17003)
- HTML injection to XSS
- CVE-2020-13487 | Authenticated Stored Cross-site Scripting in bbPress
- XSS at error page of repository code
- XSS like a Pro
- How I turned self XSS to stored XSS via CSRF
- XSS Stored on Outlook web
- XSS Bug 20 Chars Blind XSS Payload
- XSS in AMP4EMAIL(DOM clobbering)
- DOM Based XSS bug bounty writeup
- XSS will never die
- 5000 USD XSS issue at avast desktop antivirus
- XSS to account takeover
- How Paypal helped me to generate XSS
- Bypass Uppercase filters like a PRO(XSS advanced methods)
- Stealing login credentials with reflected XSS
- bughunting xss on cookie popup warning
- XSS is love
- Oneplus XSS vulnerability in customer support portal
- Exploiting cookie based XSS by finding RCE
- Stored XSS on zendesk via macros
- XSS in ZOHO main
- DOM based XSS in private program
- Bugbounty writeup : Take Attention and get stored XSSS
- How I xssed admin account
- Clickjacking XSS on google
- Stored XSS on laporbugid
- Leveraging angularjs based XSS to privilege escalation
- How I found XSS by searching in shodan
- Chaining caache poisining to stored XSS
- XSS to RCE
- XSS on twitter worth 1120
- Reflected XSS in ebay.com
- Cookie based XSS exolpoitation 2300 bug bounty
- What do netcat -SMTP-self XSS have in common
- XSS on google custom search engine
- Story of a Full Account Takeover vulnerability N/A to Accepted
- Yeah I got p2 in 1 minute stored XSS via markdown editor
- Stored XSS on indeed
- Self XSS to evil XSS
- How a classical XSS can lead to persistent ATO vulnerability
- Reflected XSS in tokopedia train ticket
- Bypassing XSS filter and stealing user credit card data
- Googleplex.com blind XSS
- Reflected XSS on error page
- How I was able to get private ticket response panel and fortigate web panel via blind XSS
- Unicode vs WAF
- Story of URI based XSS with some simple google dorking
- Stored XSS on edmodo
- XSSed my way to 1000
- Try harder for XSS
- From parameter pollution to XSS
- MIME sniffing XSS
- Stored XSS on techprofile Microsoft
- Tale of a wormable Twitter XSS
- XSS attacks google bot index manipulation
- From Reflected XSS to Account takeover
- Stealing local storage data through XSS
- CSRF attack can lead to stored XSS
- XSS Reflected (filter bypass)
- XSS protection bypass on hackerone private program
- Just 5 minutes to get my 2nd Stored XSS on edmodo.com
- Multiple XSS in skype.com
- Obtaining XSS using moodle featured and minor bugs
- XSS on 403 forbidden bypass akamai WAF
- How I was turn self XSS into reflected XSS
- A Tale of 3 XSS
- Stored XSS on Google.com
- Stored XSS in the Guides gameplaersion (www.dota2.com)
- Admin google.com reflected XSS
- Paypal Stored security bypass
- Paypal DOM XSS main domain
- Bugbounty : The 5k$ Google XSS
- Facebook stored XSS
- Ebay mobile reflected XSS
- Magix bugbounty XSS writeup
- Abusing CORS for an XSS on flickr
- XSS on google groups
- Oracle XSS
- Content types and XSS Facebook Studio
- Admob Creative image XSS
- Amazon Packaging feedback XSS
- PaypalTech XSS
- Persistent XSS on my world
- Google VRP XSS in device management
- Google VRP XSS
- Google VRP Blind XSS
- WAZE XSS
- Referer Based XSS
- How we invented the Tesla DOM XSS
- Stored XSS on rockstar game
- How I was able to bypass strong XSS protection in well known website imgur.com
- Self XSS to Good XSS
- That escalated quickly : from partial CSRF to reflected XSS to complete CSRF to Stored XSS
- XSS using dynamically generated js file
- Bypassing XSS filtering at anchor Tags
- XSS by tossing cookies
- Coinbase angularjs dom XSS via kiteworks
- Medium Content spoofing and XSS
- Managed Apps and music a tale of two XSSes in Google play
- Making an XSS triggered by CSP bypass on twitter
- Escalating XSS in phantomjs image rendering to SSRF
- Reflected XSS in Simplerisk
- Stored XSS in the heart of the russian email provider
- How I built an XSS worm on atmail
- XSS on bugcrowd and so many other websites main domain
- Godaddy XSS affects parked domains redirector Processor
- Stored XSS in Google image search
- A pair of plotly bugs stored XSS abd AWS metadata
- Near universal XSS in mcafee web gateway
- Penetrating Pornhub XSS vulns
- How I found a 5000 Google maps XSS by fiddling with protobuf
- Airbnb when bypassing json encoding XSS filter WAF CSP and auditior turns into eight vulnerabilities
- Lightwight markup a trio of persistent XSS in gitlab
- XSS ONE BAY
- SVG XSS in unifi
- Stored XSS in unifi V4.8.12 controller
- Turning self XSS into good XSS v2
- SWF XSS DOM Based XSS
- XSS filter bypass in Yahoo Dev flurry
- XSS on Flickr
- Two vulnerabilities makes an exploit XSS and csrf in bing
- Runkeeper stored XSS
- Google sleeping XSS awakens 5k bounty
- Poisoning the well compromising godaddy customer support with blind XSS
- UBER turning self XSS to good XSS
- XSS on facebook via png content types
- Cloudflare XSS
- How I found XSS Vulnerability in Google
- XSS to RCE
- One payload to XSS them all
- Self XSS on komunitas
- Reclected XSS on alibabacloud
- Self XSS on komunitas bukalapak
- A real XSS in OLX
- Self XSS using IE adobes
- Stealing local storage through XSS
- 1000 USD in 5mins Stored XSS in Outlook
- OLX reflected XSS
- My first stored XSS on edmodo.com
- Hack your form new vector for BXSS
- How I found Blind XSS vulnerability in redacted.com
- 3 XSS in protonmail for iOS
- XSS in edmodo wihinin 5 mins
- Stil work redirect Yahoo subdomain XSS
- XSS in azure devOps
- Shopify reflected XSS
- Muliple Stored XSS on tokopedia
- Stored XSS on edmodo
- A unique XSS scenario 1000 Bounty
- Protonmail XSS Stored
- Chaining tricky ouath exploitation to stored XSS
- Antihack XSS to php uplaod
- Reflected XSS in zomato
- XSS through SWF file
- Hackyourform BXSS
- Reflected XSS on ASUS
- Stored XSS via Alternate text at zendesk support
- How I stumbled upon a stored XSS : my first bug bounty story
- Cookie based Self XSS to Good XSS
- Reflected XSS on amazon
- XSS worm : a creative use of web application vulnerability
- Google code in XSS
- Self XSS on indeed.com
- How I accidentally found XSS in Protonmail for iOS app
- XML XSS in yandex.ru by accident
- Critical Stored XSS vulnerability
- XSS bypass using META tag in realestate.postnl.nl
- Edmodo XSS bug
- XSS in hiden input fields
- How I discovered XSS that affected over 20 uber subdomains
- DOM based XSS or why you should not rely on cloudflare too much
- XSS in dynamics 365
- XSS deface with html and how to convert the html into charcode
- Cookie based injection XSS making explitable with exploiting other vulns
- XSS with put in ghost blog
- XSS using a Bug in safari and why blacklists are stupid
- Magic XSS with two parameters
- DOM XSS bug affecting tinder shopify Yelp
- Persistent XSS unvalidated open graph embed at linkedin.com
- My first 0day exploit CSP Bypass Reflected XSS
- Google Stored XSS in payments
- XSS on dropbox
- Weaponizing XSS attacking internal domains
- How I XSSed UBER and bypassed CSP
- RXSS and CSRF bypass to Account takeover
- Another XSS in google collaboratory
- How I bypassed AKAMAI waf in overstock.com
- Reflected XSS at philips.com
- XSS vulnerabilities in multiple iframe busters affecting top tier sites
- Reflected DOM XSS and clickjacking silvergoldbull
- Stored XSS vulnerability in h1 private
- Authbypass SQLi and XSS
- Stored XSS vulnerability in tumblr
- XSS in google code jam
- Mapbox XSS
- My first valid XSS
- Stored XSS in webcomponents.org
- 3 minutes XSS
- icloud.com DOM based XSS
- XSS at hubspot and in email areas
- Self XSS leads to blind XSS and Reflected XSS
- Refltected XSS primagames.com
- Stored XSS in gameskinny
- Blind XSS in Chrome experments Google
- Yahoo two XSSI vulnerabilities chained to steal user information (750$)
- How I found XSS on amazon
- A blind XSS in messengers twins
- XSS in microsoft Subdomain
- Persistent XSS at ah.nl
- The 12000 intersection betwenn clickjaking , XSS and DOS
- XSS in google collaboratory CSP bypass
- How I found blind XSS in apple
- Reflected XSS on amazon.com
- How I found XSS in 360totalsecurity
- The 2.5 BTC Stored XSS
- XSS Vulnerability in Netflix
- A story of a UXSS via DOM XSS clickjacking in steam inventory helper
- How I found XSS via SSRF vulnerability
- Searching for XSS found ldap injection
- how I converted SSRF to XSS in a SSRF vulnerable JIRA
- Reflected XSS in Yahoo subdomain
- Account takeover and blind XSS
- How I found 5 stored XSS on a private program
- Persistent XSS to steal passwords(Paypal)
- Self XSS + CSRF to stored XSS
- Stored XSS in yahoo and subdomains
- XSS in microsoft
- Blind XSS at customer support panel
- Reflected XSS on stackoverflow
- Stored XSS in Yahoo
- XSS 403 forbidden Bypass
- Turning self XSS into non self XSS via authorization issue at paypal
- A story of stored XSS bypass
- Mangobaaz hacked XSS to credentials
- How I got stored XSS using file upload
- Bypassing CSP to abusing XSS filter in edge
- XSS to session Hijacking
- Reflected XSS on www.zomato.com
- XSS in subdomain of yahoo
- XSS in yahoo.net subdomain
- Reflected XSS moongaloop swf version 62x
- Google adwords 3133.7 Stored XSS
- How I found a surprising XSS vulnerability on oracle netsuite
- Stored XSS on snapchat
- How I was able to bypass XSS protection on h1 private program
- Reflected XSS possible
- XSS via angularjs template injection hostinger
- Microsoft follow feature XSS (CVE-2017-8514)
- XSS protection bypass made my quickest bounty ever
- Taking note XSS to RCE in the simplenote electron client
- VMWARE official vcdx reflected XSS
- How I pwned a company using IDOR and Blind XSS
- From Recon to DOM based XSS
- Local file read via XSS
- Non persistent XSS at microsoft
- A Stored XSS in google (double kill)
- Filter bypass to Reflected XSS on finance.yahoo.com (mobile version)
- 900$ XSS in yahoo : recon wins
- How I bypassed practos firewall and triggered an XSS vulnerability
- Stored XSS to full information disclosure
- Story of parameter specific XSS
- Chaining self XSS with UI redressing leading to session hijacking
- Stored XSS with arbitrary cookie installation
- Reflective XSS and Open redirect on indeed.com subdomain
- How I found reflected XSS on Yahoo subdomain
- Dont just alert(1) because XSS is more fun
- UBER XSS by helpe of KNOXSS
- Reflected XSS in Yahoo
- Reflected XSS on ww.yahoo.com
- XSS because of wrong content type header
Cross Site Request Forgery (CSRF)
- How a simple CSRF attack turned into a P1
- How I exploited the json csrf with method override technique
- How I found CSRF(my first bounty)
- Exploiting websocket application wide XSS and CSRF
- Site wide CSRF on popular program
- Using CSRF I got weird account takeover
- CSRF CSRF CSRF
- Google Bugbounty CSRF in learndigital.withgoogle.com
- CSRF token bypass [a tale of 2k bug]
- 2FA bypass via CSRF attack
- Stored iframe injection CSRF account takeover
- Instagram delete media CSRF
- An inconsistent CSRF
- Bypass CSRF with clickjacking worth 1250
- Sitewide CSRF graphql
- Account takeover using CSRF json based
- CORS to CSRF attack
- My first CSRF to account takeover
- 4x chained CSRFs chained for account takeover
- CSRF can lead to stored XSS
- Yet other examples of abusing CSRF in logout
- Wordpress CSRF to RCE
- Bruteforce user IDs via CSRF to delete all the users with CSRF attack
- CSRF Bypass using cross frame scripting
- Account takeover via CSRF
- A very useful technique to bypass the CSRF protection
- CSRF account takeover exlpained automated manual bugbounty
- CSRF to account takeover
- How I got 500USD from microsoft for CSRF vulnerability
- Critical Bypass CSRF protection
- RXSS CSRF bypass to full account takeover
- Youtube CSRF
- Self XSS + CSRF = Stored XSS
- Ribose IDOR with simple CSRF bypass unrestrcited changes and deletion to other photo profile
- JSON CSRF attack on a social networking site
- Hacking facebook oculus integration CSRF
- Amazon leaking CSRF token using service worker
- Facebook graphql CSRF
- Chain the vulnerabilities and take your report impact on the moon csrf to html injection
- Partial CSRF to Full CSRF
- Stealing access token of one drive integration by chain csrf vulnerability
- Metasploit web project kill all running taks CSRF CVE-2017-5244
- Messenger site wide CSRF
- Hacking Facebook CSRF device login flow
- Two vulnerabilities makes an exploit XSS and CSRF in bing
- How I bypassed Facebook in 2016
- Ubiquiti bugbounty unifi generic CSRF protection Bypass
- Bypass Facebook CSRF
- Facebook CSRF full account takeover
Clickjacking (UI redressing attack)
- Google Bug bounty Clickjacking on Google payment
- Google APIs Clickjacking worth 1337$
- Clickjacking + XSS on Google org
- Bypass CSRF with clickjacking on Google org
- 1800 worth Clickjacking
- Account takeover with clickjacking
- Clickjacking on google CSE
- How I accidentally found clickjacking in Facebook
- Clickjacking on google myaccount worth 7500
- Clickjacking in google docs and void typing feature
- Reflected DOM XSS and Clickjacking
- binary.com clickjacking vulnerability exploiting HTML5 security features
- 12000 intersection betwen clickjacking XSS and denial of service
- Steam fire and paste : a story of uxss via DOM XSS and Clickjacking in steam inventory helper
- Yet another Google Clickjacking
- Redressing instagram leaking application tokens via instagram clickjacking vulnerability
- Self XSS to Good XSS and Clickjacking
- Microsoft Yammer clickjacking exploiting HTML5 security features
- Firefox find my device clickjacking
- Whatsapp Clickjacking vulnerability
- Telegram WEB client clickjacking vulnerability
- Facebook Clickjacking : how we put a new dress on facebook UI
Local File Inclusion (LFI)
- RFI LFI Writeup
- My first LFI
- Bug bounty LFI at Google.com
- Google LFI on production servers in redacted.google.com
- LFI to 10 server pwn
- LFI in apigee portals
- Chain the bugs to pwn an organisation LFI unrestricted file upload to RCE
- How we got LFI in apache drill recom like a boss
- Bugbounty journey from LFI to RCE
- LFI to RCE on deutche telekom bugbounty
- From LFI to RCE via PHP sessions
- magix bugbounty magix.com XSS RCE SQLI and LFI
- LFI in nokia maps
Subdomain Takeover
- How I bought my way to subdomain takeover on tokopedia
- Subdomain Takeover via pantheon
- Subdomain takeover : a unique way
- Escalating subdomain takeover to steal sensitive stuff
- Subdomain takeover awarded 200
- Subdomain takeover via wufoo service
- Subdomain takeover via Hubspot
- Souq.com subdomain takeover
- Subdomain takeover : new level
- Subdomain takeover due to misconfigured project settings for custom domain
- Subdomain takeover via shopify vendor
- Subdomain takeover via unsecured s3 bucket
- Subdomain takeover worth 200
- Subdomain takeover via campaignmonitor
- How to do 55000 subdomain takeover in a blink of an eye
- Subdomain takeover Starbucks (Part 2)
- Subdomain takeover Starbucks
- Uber wildcard subdomain takeover
- Bugcrowd domain subdomain takeover vulnerability
- Subdomain takeover vulnerability (Lamborghini Hacked)
- Authentication bypass on uber's SSO via subdomain takeover
- Authentication bypass on SSO ubnt.com via Subdomain takeover of ping.ubnt.com
Denial of Service (DOS)
- Long String DOS
- AIRDOS
- Denial of Service DOS vulnerability in script loader (CVE-2018-6389)
- Github actions DOS
- Application level denial of service
- Banner grabbing to DOS and memory corruption
- DOS across Facebook endpoints
- DOS on WAF protected sites
- DOS on Facebook android app using zero width no break characters
- Whatsapp DOS vulnerability on android and iOS
- Whatsapp DOS vulnerability in iOS android
Authentication Bypass
- Touch ID authentication Bypass on evernote and dropbox iOS apps
- Oauth authentication bypass on airbnb acquistion using wierd 1 char open redirect
- Two factor authentication bypass
- Instagram multi factor authentication bypass
- Authentication bypass in nodejs application
- Symantec authentication Bypass
- Authentication bypass in CISCO meraki
- Slack SAML authentocation bypass
- Authentication bypass on UBER's SSO
- Authentication Bypass on airbnb via oauth tokens theft
- Inspect element leads to stripe account lockout authentication Bypass
- Authentication bypass on SSO ubnt.com
SQL Injection(SQLI)
- Tricky oracle SQLI situation
- Exploiting âGoogle BigQueryâ SQLI
- SQLI via stopping the redirection to a login page
- Finding SQLI with white box analysis a recent bug example
- Bypassing a crappy WAF to exploit a blind SQLI
- SQL Injection in private-site.com/login.php
- Exploiting tricky blind SQLI
- SQLI in forget password fucntion
- SQLI Bug Bounty
- File Upload blind SQLI
- SQL Injection
- SQLI through User Agent
- SQLI in insert update query without comma
- SQLI for 50 bounty
- Abusing MYSQL CLients
- SQLI Authentication Bypass AutoTrader Webmail
- ZOL Zimbabwe Authentication Bypass to XSS & SQLi
- SQLI bootcamp.nutanix.com
- SQLI in University of Cambridge
- Making a blind SQLI a little less Blind SQLI
- SQLI amd silly WAF
- Attacking Postgresql Database
- Bypassing Host Header to SQL injection to dumping Database â An unusual case of SQL injection
- A 5 minute SQLI
- Union based SQLI writeup
- SQLI with load file and into outfile
- SQLI is Everywhere
- SQLI in Update Query Bug
- Blind SQLI Hootsuite
- Yahoo â Root Access SQLI â tw.yahoo.com
- Step by Step Exploiting SQLI in Oculus
- Magix Bug Bounty: magix.com (RCE, SQLi) and xara.com (LFI, XSS)
- Tesla Motors blind SQLI
- SQLI in Nokia Sites
Insecure Direct Object Reference (IDOR)
- Disclose Private Dashboard Chart's name and data in Facebook Analytics
- Disclosing privately shared gaming clips of any user
- Adding anyone including non-friend and blocked people as co-host in personal event!
- Page analyst could view job application details
- Deleting Anyone's Video Poll
2FA related issues
- 2FA Bypass via logical rate limiting Bypass
- Bypass 2FA in a website
- Weird and simple 2FA bypass
- How I cracked 2FA with simple factor bruteforce
- Instagram account is reactivated without entering 2FA
- How to bypass 2FA with a HTTP header
- How I hacked 40k user accounts of microsoft using 2FA bypass outlook
- How I abused 2FA to maintain persistence after password recovery change google microsoft instragram
- Bypass hackerone 2FA
- Facebook Bug bounty : How I was able to enumerate instagram accounts who had enabled 2FA
CORS related issues
- CORS bug on google's 404 page (rewarded)
- CORS misconfiguration leading to private information disclosure
- CORS misconfiguration account takeover out of scope to grab items in scope
- Chrome CORS
- Bypassing CORS
- CORS to CSRF attack
- An unexploited CORS misconfiguration reflecting further issues
- Think outside the scope advanced cors exploitation techniques
- A simple CORS misconfiguration leaked private post of twitter facebook instagram
- Explpoiting CORS misconfiguration
- Full account takeover through CORS with connection sockets
- Exploiting insecure CORS API api.artsy.net
- Pre domain wildcard CORS exploitation
- Exploiting misconfigured CORS on popular BTC site
- Abusing CORS for an XSS on flickr
Server Side Request Forgery (SSRF)
- Exploiting an SSRF trials and tribulations
- SSRF on PDF generator
- Google VRP SSRF in Google cloud platform stackdriver
- Vimeo upload function SSRF
- SSRF via ffmeg processing
- My first SSRF using DNS rebinding
- Bugbounty simple SSRF
- SSRF reading local files from downnotifier server
- SSRF vulnerability
- Gain adfly SMTP access with SSRF via gopher protocol
- Blind SSRF in stripe.com due to senntry misconfiguration
- SSRF port issue hidden approch
- The jorney of web cache firewall bypass to SSRF to AWS credentials compromise
- SSRF to local file read and abusing aws metadata
- pdfreactor SSRF to root level local files read which lead to RCE
- SSRF trick : SSRF XSPA in micosoft's bing webwaster
- Downnotifeer SSRF
- Escalating SSRF to RCE
- Vimeo SSRF with code execution potential
- SSRF in slack
- Exploiting SSRF like a boss
- AWS takeover SSRF javascript
- Into the borg of SSRF inside google production network
- SSRF to local file disclosure
- How I found an SSRF in yahoo guesthouse (recon wins)
- Reading internal files using SSRF vulnerability
- Airbnb chaining third party open redirect into SSRF via liveperson chat
Race Condition
- Exploiting a Race condition vulnerabililty
- Race condition that could result to RCE a story with an app
- Creating thinking is our everything : Race condition and business logic
- Chaining improper authorization to Race condition to harvest credit card details
- A Race condition bug in Facebook chat groups
- Race condition bypassing team limit
- Race condition on web
- Race condition bugs on Facebook
- Hacking Banks With Race Conditions
- Race Condition Bug In Web App: A Use Case
- RACE Condition vulnerability found in bug-bounty program
- How to check Race Conditions in Web Applications
Remote Code Execution (RCE)
- Microsoft RCE bugbounty
- OTP bruteforce account takeover
- Attacking helpdesk RCE chain on deskpro with bitdefender
- Remote image upload leads to RCE inject malicious code
- Finding a p1 in one minute with shodan.io RCE
- From recon to optimizing RCE results simple story with one of the biggest ICT company
- Uploading backdoor for fun and profit RCE DB creds P1
- Responsible Disclosure breaking out of a sandboxed editor to perform RCE
- Wordpress design flaw leads to woocommerce RCE
- Path traversal while uploading results in RCE
- RCE jenkins instance
- Traversing the path to RCE
- How I chained 4 bugs features into RCE on amazon
- RCE due to showexceptions
- Yahoo luminate RCE
- Latex to RCE private bug bounty program
- How I got hall of fame in two fortune 500 companies an RCE story
- RCE by uploading a web config
- 36k Google app engine RCE
- How I found 2.9 RCE at yahoo
- Bypass firewall to get RCE
- RCE vulnerabilite in yahoo subdomain
- RCE in duolingos tinycards app from android
- Unrestricted file upload to RCE
- Getting a RCE (CTF WAY)
- RCE starwars
- How I got 5500 from yahoo for RCE
- RCE in Addthis
- Paypal RCE
- My First RCE (Stressed Employee gets me 2x bounty)
- Abusing ImageMagick to obtain RCE
- How Snapdeal Kept their Users Data at Risk!
- RCE via ImageTragick
- How I Cracked 2FA with Simple Factor Brute-force!
- Found RCE but got Duplicated
- âReconâ helped Samsung protect their production repositories of SamsungTv, eCommerce eStores
- IDOR to RCE
- RCE on AEM instance without JAVA knowledge
- RCE with Flask Jinja tempelate Injection
- Race Condition that could result to RCE
- Chaining Two 0-Days to Compromise An Uber Wordpress
- Oculus Identity Verification bypass through Brute Force
- Used RCE as Root on marathon Instance
- Two easy RCE in Atlassian Products
- RCE in Ruby using mustache templates
- About a Sucuri RCEâ¦and How Not to Handle Bug Bounty Reports
- Source code disclosure vulnerability
- Bypassing custom Token Authentication in a Mobile App
- Facebookâs Burglary Shopping List
- From SSRF To RCE in PDFReacter
- Apache strust RCE
- Dell KACE K1000 Remote Code Execution
- Handlebars Tempelate Injection and RCE
- Leaked Salesforce API access token at IKEA.com
- Zero Day RCE on Mozilla's AWS Network
- Escalating SSRF to RCE
- Fixed : Brute-force Instagram accountâs passwords
- Bug Bounty 101 â Always Check The Source Code
- ASUS RCE vulnerability on rma.asus-europe.eu
- Magento â RCE & Local File Read with low privilege admin rights
- RCE in Nokia.com
- Two RCE in SharePoint
- Token Brute-Force to Account Take-over to Privilege Escalation to Organization Take-Over
- RCE in Hubspot with EL injection in HubL
- Github Desktop RCE
- eBay Source Code leak
- Facebook source code disclosure in ads API
- XS-Searching Googleâs bug tracker to find out vulnerable source code
Buffer Overflow Writeups
- Buffer Overflow Attack Book pdf
- Github Repository on Buffer Overflow Attack
- Stack-Based Buffer Overflow Attacks: Explained and Examples
- How Buffer Overflow Attacks Work
- Binary Exploitation: Buffer Overflows
- WHAT IS A BUFFER OVERFLOW? LEARN ABOUT BUFFER OVERRUN VULNERABILITIES, EXPLOITS & ATTACKS
Android Pentesting
Contributing
- Open Pull Requests
- Send me links of writeups to My Twitter : 0xAsm0d3us
Maintainers
This Repo is maintained by :
Top Related Projects
A list of resources for those interested in getting started in bug bounties
A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
A list of interesting payloads, tips and tricks for bug bounty hunters.
Ressources for bug bounty hunting
A collection of various awesome lists for hackers, pentesters and security researchers
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot