Bug Bounty Reference

A list of bug bounty write-ups categorized by the nature of the bug. Written by ngalongc; inspired by https://github.com/djadmin/awesome-bug-bounty

My intention is to make a full and complete list of common vulnerabilities covered in publicly disclosed bug bounty write-ups, so that bug bounty hunters can use this page as a reference when they want to gain some insight into a particular kind of vulnerability during bug hunting. Feel free to submit a pull request. Okay, enough chit-chat, let’s get started.

Cross-Site Scripting (XSS)

Brute Force

SQL Injection

Stealing Access Token

Google OAuth bypass

CSRF

Remote Code Execution

Deserialization

Image Tragick

Insecure Direct Object Reference (IDOR)

XXE

Unrestricted File Upload

Server Side Request Forgery (SSRF)

Race Condition

Business Logic Flaw

Authentication Bypass

HTTP Header Injection

Subdomain Takeover

Author Write Up

XSSI

Email Related

Money Stealing

2017 Local File Inclusion

Miscellaneous

Following on from a recent blog post by my friend Arbaz Hussain, I’m sharing the “10 rules of Bug Bounty”:
  1. Targeting the Bug Bounty Program
  2. How do you Approach the Target?
  3. Don’t Expect Anything !
  4. Less Knowledge about Vulnerabilities and Testing Methodologies :
  5. Surround yourself with Bug Bounty Community to keep yourself Updated.
  6. AUTOMATION
  7. GET BOUNTY or GET EXPERIENCE:
  8. FIND THE “BUG” or FIND A “BUG’S CHAIN”:
  9. FOLLOW MASTER’S PATH:
  10. RELAX & ENJOY LIFE:
If you want to learn about these steps in detail, follow the link.