.webp)
Diving into the world of bug bounty, this article serves as an essential toolkit for aspiring and seasoned security researchers alike.
It compiles a vast array of vulnerabilities, bypass techniques, and strategic insights gathered from diverse sources.
Whether you’re looking to enhance your hacking skills, contribute to cybersecurity, or simply explore the depths of bug bounty hunting, this guide offers a wealth of knowledge to navigate the intricate landscape of cybersecurity challenges.
These are my bug bounty notes that I have gathered from various sources, you can contribute to this repository too!
List Vulnerability
- Arbitrary File Upload
- CRLF Injection
- Cross Site Request Forgery (CSRF)
- Cross Site Scripting (XSS)
- Denial of Service (DoS)
- Exposed Source Code
- Host Header Injection
- Insecure Direct Object References (IDOR)
- Local File Inclusion (LFI)
- Mass Assignment
- NoSQL Injection (NoSQLi)
- OAuth Misconfiguration
- Open Redirect
- Reflected File Download (RFD)
- Remote File Inclusion (RFI)
- Server Side Include Injection (SSI Injection)
- Server Side Request Forgery
- SQL Injection (SQLi)
- Web Cache Deception
- Web Cache Poisoning
List Bypass
Checklist
- Forgot Password Functionality
- Register Functionality SOON!
CVEs
- CVEs 2021
- CVEs 2022 (SOON)
- CVEs 2023 (SOON)
Miscellaneous
- Account Takeover
- Broken Link Hijacking
- Business Logic Errors
- Default Credentials
- Email Spoofing
- JWT Vulnerabilities
- Tabnabbing
Technologies
- Apache (HTTP Server)
- Confluence
- Grafana
- HAProxy
- Jenkins
- Jira
- Joomla
- Laravel
- Moodle
- Nginx
- WordPress
- Zend
Reconnaissance
To-Do-List
- Tidy up the reconnaisance folder
- Added more lesser known web attacks
- Added CVEs folder
- Writes multiple payload bypasses for each vulnerability
- Payload XSS for each WAF (Cloudflare, Cloudfront, AWS, etc)
- Payload SQL injection for each WAF (Cloudflare, Cloudfront)
.webp&description=Diving into the world of bug bounty, this article serves as an essential toolkit for aspiring and seasoned security researchers alike.){kind=link}