mirror of
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters.git
synced 2024-11-26 05:30:23 +00:00
7.4 KiB
7.4 KiB
Resources-for-Beginner-Bug-Bounty-Hunters
Blog posts
A collection of Blog Posts ordered by Vulnerability Types
- XSS
- SSRF
- Vulnerability Scanning
- Token / Authentication
- SQL Injection
- Mobile
- HTTP Desync
- File Upload
- Automation
- Buffer Overflow
- IDOR
- Misc
XSS
You can find a ton of awesome XSS reports by searching through the HackerOne Hacktivity Page (https://hackerone.com/hacktivity?querystring=XSS). Here are some more complex and some of my favorite XSS related blog posts:
- XSS on Google Search - Sanitizing HTML in The Client? - by LiveOverflow
- Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program - by Sam Curry
- Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty - by @th3_hidd3n_mist
- Microsoft Edge (Chromium) - EoP via XSS to Potential RCE - by @Qab
DOM XSS
- https://hackerone.com/reports/297968
- https://hackerone.com/reports/168165
- https://www.rafaybaloch.com/2017/06/a-tale-of-dom-based-xss-in-paypal.html
Stored XSS
- https://blog.bentkowski.info/2018/09/another-xss-in-google-colaboratory.html
- https://medium.com/@Alra3ees/google-adwords-3133-7-stored-xss-27bb083b8d27
- https://opnsec.com/2018/03/stored-xss-on-facebook/
- https://klikki.fi/adv/yahoo.html
- https://klikki.fi/adv/yahoo2.html
- https://hackerone.com/reports/422043
- https://sites.google.com/site/bughunteruniversity/best-reports/account-recovery-xss
CSP Bypass
SSRF
- DEF CON 27 Conference - Ben Sadeghipour - Owning The Clout Through Server Side Request Forgery
- Nahamsec & daeken | DEFCON 2019 - Piercing The Veil: Server Side Request Forgery Attacks On Internal Networks
- Alyssa Herrera | Hack.lu 2019 - Vimeo upload function SSRF - by Sayed Abdelhafiz
Vulnerability Scanning
- NMAP For Vulnerability Discovery - by Sachin Wagh
Token / Authentication
- Abusing feature to steal your tokens - by Harsh Jaiswal
- How I was able to bypass OTP code requirement in Razer [The story of a critical bug] - by Ananda Dhakal
- Bypassing GitHub's OAuth flow - by @not_aardvark
SQL Injection
- Time-Based Blind SQL Injection In GraphQL - Divyanshu Shukla
- SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database - by spaceraccoon
Mobile
iOS
- From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13 - by spaceraccoon
Android
- A deep dive into reversing Android pre-Installed apps and the BlackHat Talk - by Maddie Stone
HTTP Desync
- HTTP Desync Attacks: Request Smuggling Reborn in combination with this report - by James Kettle
- HTTP Request Smuggling on vpn.lob.com - by 0X0 (painreigns)
File Upload
- Webshell via File Upload on ecjobs.starbucks.com.cn - by johnstone
- Facebook Messenger server random memory exposure through corrupted GIF image - by @xdzmitry
- A Tale of Exploitation in Spreadsheet File Conversions - by @bbuerhaus@daeken@erbbysam@smiegles
Automation
- Fasten your Recon process using Shell Scripting - by Mohd Shibli
- Beginner’s Guide to recon automation - by Ashish Jha
- Burp Suite tutorial: IDOR vulnerability automation using Autorize and AutoRepeater (bug bounty) - by STÖK & Fisher
Buffer Overflow
IDOR
- Steal Earning of Airbnb hosts by Adding Bank Account/Payment Method - by Vijay Kumar
- GraphQL IDOR leads to information disclosure - by @R0X4R
- From Multiple IDORs leading to Code Execution on a different Host Container by @Rahul_R95
Misc
- Notes about Nahamsecs Recon Sessions by maverickNerd
- Writing a Simple Buffer Overflow Exploit by LiveOverflow
- Hacking GitHub with Unicode's dotless 'i'
- Abusing autoresponders and email bounces by securinti
- Abusing HTTP hop-by-hop request headers by @nj_dav
- Cracking reCAPTCHA, Turbo Intruder style by James Kettle
back to Intro Page