Mirror of https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters.git (synced 2024-11-25 21:20:21 +00:00)
Resources-for-Beginner-Bug-Bounty-Hunters
Blog posts
A collection of blog posts, grouped by vulnerability type
- XSS
- SSRF
- Vulnerability Scanning
- Token / Authentication
- SQL Injection
- Mobile
- HTTP Desync
- File Upload
- Automation
- Buffer Overflow
- IDOR
- GraphQL
- Misc
XSS
You can find a ton of awesome XSS reports by searching through the HackerOne Hacktivity page (https://hackerone.com/hacktivity?querystring=XSS). Here are some of the more complex, and some of my favorite, XSS-related blog posts:
- XSS on Google Search - Sanitizing HTML in The Client? - LiveOverflow
- Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program - Sam Curry
- Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty - @th3_hidd3n_mist
- Microsoft Edge (Chromium) - EoP via XSS to Potential RCE - @Qab
DOM XSS
- Persistent DOM-based XSS in https://help.twitter.com via localStorage - harisec
- DOM based XSS in search functionality - sameoldstory
- A Tale Of A DOM Based XSS In Paypal - Rafay Baloch
- H1514 DOMXSS on Embedded SDK via Shopify.API.setWindowLocation abusing cookie Stuffing - filedescriptor
Stored XSS
- Another XSS in Google Colaboratory - Michał Bentkowski
- Google adwords 3133.7$ Stored XSS - Emad Shanab
- Stored XSS on Facebook - Enguerran Gillier
- Yahoo Mail stored XSS - Jouko Pynnönen
- Yahoo Mail stored XSS #2 - Jouko Pynnönen
- Account Recovery XSS - Gábor Molnár
CSP Bypass
SSRF
- DEF CON 27 Conference - Ben Sadeghipour - Owning The Clout Through Server Side Request Forgery
- Nahamsec & daeken | DEFCON 2019 - Piercing The Veil: Server Side Request Forgery Attacks On Internal Networks
- Alyssa Herrera | Hack.lu 2019
- Vimeo upload function SSRF - Sayed Abdelhafiz
Vulnerability Scanning
- NMAP For Vulnerability Discovery - Sachin Wagh
Token / Authentication
- Abusing feature to steal your tokens - Harsh Jaiswal
- How I was able to bypass OTP code requirement in Razer [The story of a critical bug] - Ananda Dhakal
- Bypassing GitHub's OAuth flow - @not_aardvark
SQL Injection
- Time-Based Blind SQL Injection In GraphQL - Divyanshu Shukla
- SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database - spaceraccoon
- Finding SQL injections fast with white-box analysis — a recent bug example - @frycos
- How we hacked one of the worlds largest Cryptocurrency Website - strynx
Mobile
iOS
Android
- A deep dive into reversing Android pre-Installed apps and the BlackHat Talk - Maddie Stone
HTTP Desync
- HTTP Desync Attacks: Request Smuggling Reborn in combination with this report - James Kettle
- HTTP Request Smuggling on vpn.lob.com - 0X0 (painreigns)
File Upload
- Webshell via File Upload on ecjobs.starbucks.com.cn - johnstone
- Facebook Messenger server random memory exposure through corrupted GIF image - @xdzmitry
- A Tale of Exploitation in Spreadsheet File Conversions - @bbuerhaus, @daeken, @erbbysam, @smiegles
Automation
- Fasten your Recon process using Shell Scripting - Mohd Shibli
- Beginner’s Guide to recon automation - Ashish Jha
- Burp Suite tutorial: IDOR vulnerability automation using Autorize and AutoRepeater (bug bounty) - STÖK & Fisher
Buffer Overflow
IDOR
- Steal Earning of Airbnb hosts by Adding Bank Account/Payment Method - Vijay Kumar
- GraphQL IDOR leads to information disclosure - @R0X4R
- From Multiple IDORs leading to Code Execution on a different Host Container - @Rahul_R95
GraphQL
- Private System Note Disclosure using GraphQL - Ron Chan
- Graphql Abuse to Steal Anyone’s Address - pratik yadav
Misc
- Notes about Nahamsecs Recon Sessions - maverickNerd
- Writing a Simple Buffer Overflow Exploit - LiveOverflow
- Hacking GitHub with Unicode's dotless 'i'
- Abusing autoresponders and email bounces - securinti
- Abusing HTTP hop-by-hop request headers - @nj_dav
- Cracking reCAPTCHA, Turbo Intruder style - James Kettle
- Abusing ImageMagick to obtain RCE - strynx