💬Read Writeups

If you want to get in to Bug bounty ,Reading Writeups is highly Recommended.here is a checklist for that

• Insecure CORS Misconfiguration

  • 1.CORS bug on google's 404 page (rewarded)

  • 2.CORS misconfiguration leading to private information disclosure

  • 3.CORS misconfiguration account takeover out of scope to grab items in scope

  • 4.Chrome CORS

  • 5.Bypassing CORS

  • 6.CORS to CSRF attack

  • 7.An unexploited CORS misconfiguration reflecting further issues

  • 8.Think outside the scope advanced cors exploitation techniques

  • 9.A simple CORS misconfiguration leaked private post of twitter facebook instagram

  • 10.Explpoiting CORS misconfiguration

• Clickjacking (UI Redressing Attack)

  • 1.Google Bug bounty Clickjacking on Google payment

  • 2.Google APIs Clickjacking worth 1337$

  • 3.Clickjacking + XSS on Google org

  • 4.Bypass CSRF with clickjacking on Google org

  • 5.1800 worth Clickjacking

  • 6.Account takeover with clickjacking

  • 7.Clickjacking on google CSE

  • 8.How I accidentally found clickjacking in Facebook

  • 9.Clickjacking on google myaccount worth 7500

  • 10.Clickjacking in google docs and void typing feature

• Cross Site Scripting (XSS)

  • 1.From P5 to P2 to 100 BXSS

  • 2.Google Acquisition XSS (Apigee)

  • 3.XSS on Microsoft.com via Angular Js template injection

  • 4.Researching Polymorphic Images for XSS on Google Scholar

  • 5.Netflix Party Simple XSS

  • 6.Stored XSS in google nest

  • 7.Self XSS to persistent XSS on login portal

  • 8.Universal XSS affecting Firefox

  • 9.XSS WAF Character limitation bypass like a boss

  • 10.Self XSS to Account Takeover

• Cross Site Request Forgery (CSRF)

  • How a simple CSRF attack turned into a P1

  • How I exploited the json csrf with method override technique

  • How I found CSRF(my first bounty)

  • Exploiting websocket application wide XSS and CSRF

  • Site wide CSRF on popular program

  • Using CSRF I got weird account takeover

  • CSRF CSRF CSRF

  • Google Bugbounty CSRF in learndigital.withgoogle.com

  • CSRF token bypass [a tale of 2k bug]

  • 2FA bypass via CSRF attack

• Insecure Direct Object References (IDOR)

  • 1.Disclose Private Dashboard Chart's name and data in Facebook Analytics

  • 2.Disclosing privately shared gaming clips of any user

  • 3.Adding anyone including non-friend and blocked people as co-host in personal event!

  • 4.Page analyst could view job application details

  • 5.Deleting Anyone's Video Poll

• Subdomain Takeover

  • 1.How I bought my way to subdomain takeover on tokopedia

  • 2.Subdomain Takeover via pantheon

  • 3.Subdomain takeover : a unique way

  • 4.Escalating subdomain takeover to steal sensitive stuff

  • 5.Subdomain takeover awarded 200

  • 6.Subdomain takeover via wufoo service

  • 7.Subdomain takeover via Hubspot

  • 8.Souq.com subdomain takeover

  • 9.Subdomain takeover : new level

  • 10.Subdomain takeover due to misconfigured project settings for custom domain

• Broken Authentication*

• Authentication Bypass

  • 1.Touch ID authentication Bypass on evernote and dropbox iOS apps

  • 2.Oauth authentication bypass on airbnb acquistion using wierd 1 char open redirect

  • 3.Two factor authentication bypass

  • 4.Instagram multi factor authentication bypass

  • 5.Authentication bypass in nodejs application

  • 6.Symantec authentication Bypass

  • 7.Authentication bypass in CISCO meraki

  • 8.Slack SAML authentocation bypass

  • 9.Authentication bypass on UBER's SSO

  • 10.Authentication Bypass on airbnb via oauth tokens theft

• Cryptographic Failures*

• Local File Inclusion (LFI)

  • RFI LFI Writeup

  • My first LFI

  • Bug bounty LFI at Google.com

  • Google LFI on production servers in redacted.google.com

  • LFI to 10 server pwn

  • LFI in apigee portals

  • Chain the bugs to pwn an organisation LFI unrestricted file upload to RCE

  • How we got LFI in apache drill recom like a boss

  • Bugbounty journey from LFI to RCE

  • LFI to RCE on deutche telekom bugbounty

• Remote File Inclusion (RFI)*

• 2FA Related issues

  • 2FA Bypass via logical rate limiting Bypass

  • Bypass 2FA in a website

  • Weird and simple 2FA bypass

  • How I cracked 2FA with simple factor bruteforce

  • Instagram account is reactivated without entering 2FA

  • How to bypass 2FA with a HTTP header

  • How I hacked 40k user accounts of microsoft using 2FA bypass outlook

  • How I abused 2FA to maintain persistence after password recovery change google microsoft instragram

  • Bypass hackerone 2FA

  • Facebook Bug bounty : How I was able to enumerate instagram accounts who had enabled 2FA

• Server-side Template Injection (SSTI)

• Denial of Service (DOS)

  • Long String DOS

  • AIRDOS

  • Denial of Service DOS vulnerability in script loader (CVE-2018-6389)

  • Github actions DOS

  • Application level denial of service

  • Banner grabbing to DOS and memory corruption

  • DOS across Facebook endpoints

  • DOS on WAF protected sites

  • DOS on Facebook android app using zero width no break characters

  • Whatsapp DOS vulnerability on android and iOS

• Race Condition

  • Exploiting a Race condition vulnerabililty

  • Race condition that could result to RCE a story with an app

  • Creating thinking is our everything : Race condition and business logic

  • Chaining improper authorization to Race condition to harvest credit card details

  • A Race condition bug in Facebook chat groups

  • Race condition bypassing team limit

  • Race condition on web

  • Race condition bugs on Facebook

  • Hacking Banks With Race Conditions

  • Race Condition Bug In Web App: A Use Case

• XML External Entities (XXE)

• Server Side Request Forgery (SSRF)

  • Exploiting an SSRF trials and tribulations

  • SSRF on PDF generator

  • Google VRP SSRF in Google cloud platform stackdriver

  • Vimeo upload function SSRF

  • SSRF via ffmeg processing

  • My first SSRF using DNS rebinding

  • Bugbounty simple SSRF

  • SSRF reading local files from downnotifier server

  • SSRF vulnerability

  • Gain adfly SMTP access with SSRF via gopher protocol

• Command Injection

• SQL Injection

  • Tricky oracle SQLI situation

  • Exploiting “Google BigQuery” SQLI

  • SQLI via stopping the redirection to a login page

  • Finding SQLI with white box analysis a recent bug example

  • Bypassing a crappy WAF to exploit a blind SQLI

  • SQL Injection in private-site.com/login.php

  • Exploiting tricky blind SQLI

  • SQLI in forget password fucntion

  • SQLI Bug Bounty

  • File Upload blind SQLI

• Remote Code Execution (RCE)

  • Microsoft RCE bugbounty

  • OTP bruteforce account takeover

  • Attacking helpdesk RCE chain on deskpro with bitdefender

  • Remote image upload leads to RCE inject malicious code

  • Finding a p1 in one minute with shodan.io RCE

  • From recon to optimizing RCE results simple story with one of the biggest ICT company

  • Uploading backdoor for fun and profit RCE DB creds P1

  • Responsible Disclosure breaking out of a sandboxed editor to perform RCE

  • Wordpress design flaw leads to woocommerce RCE

  • Path traversal while uploading results in RCE

• NoSQL Injection

• CRLF Injection

• Open Redirect

• Parameter Pollution

• OAuth to Account Takeover