Resources-for-Beginner-Bug-Bounty-Hunters/assets/blogposts.md

Resources-for-Beginner-Bug-Bounty-Hunters

Blog posts

A collection of Blog Posts ordered by Vulnerability Types

• XSS
  • DOM XSS
  • Sored XSS
  • CSP Bypass
• SSRF
• Vulnerability Scanning
• Token / Authentication
• SQL Injection
• Mobile
  • iOS
  • Android
• HTTP Desync
• File Upload
• Automation
• Buffer Overflow
• IDOR
• Misc

XSS

You can find a ton of awesome XSS reports by searching through the HackerOne Hacktivity Page (https://hackerone.com/hacktivity?querystring=XSS). Here are some more complex and some of my favorite XSS related blog posts:

• XSS on Google Search - Sanitizing HTML in The Client? - by LiveOverflow
  • The Fix
• Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program - by Sam Curry
• Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty - by @th3_hidd3n_mist
• Microsoft Edge (Chromium) - EoP via XSS to Potential RCE - by @Qab

DOM XSS

• https://hackerone.com/reports/297968
• https://hackerone.com/reports/168165
• https://www.rafaybaloch.com/2017/06/a-tale-of-dom-based-xss-in-paypal.html

Stored XSS

• https://blog.bentkowski.info/2018/09/another-xss-in-google-colaboratory.html
• https://medium.com/@Alra3ees/google-adwords-3133-7-stored-xss-27bb083b8d27
• https://opnsec.com/2018/03/stored-xss-on-facebook/
• https://klikki.fi/adv/yahoo.html
• https://klikki.fi/adv/yahoo2.html
• https://hackerone.com/reports/422043
• https://sites.google.com/site/bughunteruniversity/best-reports/account-recovery-xss

CSP Bypass

• https://blog.bentkowski.info/2018/06/xss-in-google-colaboratory-csp-bypass.html

SSRF

• DEF CON 27 Conference - Ben Sadeghipour - Owning The Clout Through Server Side Request Forgery
  - Nahamsec & daeken | DEFCON 2019
• Piercing The Veil: Server Side Request Forgery Attacks On Internal Networks
  - Alyssa Herrera | Hack.lu 2019
• Vimeo upload function SSRF - by Sayed Abdelhafiz

Vulnerability Scanning

• NMAP For Vulnerability Discovery - by Sachin Wagh

Token / Authentication

• Abusing feature to steal your tokens - by Harsh Jaiswal
• How I was able to bypass OTP code requirement in Razer [The story of a critical bug] - by Ananda Dhakal
• Bypassing GitHub's OAuth flow - by @not_aardvark

SQL Injection

• Time-Based Blind SQL Injection In GraphQL - Divyanshu Shukla
• SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database - by spaceraccoon

Mobile

iOS

• From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13 - by spaceraccoon

Android

• A deep dive into reversing Android pre-Installed apps and the BlackHat Talk - by Maddie Stone

HTTP Desync

• HTTP Desync Attacks: Request Smuggling Reborn in combination with this report - by James Kettle
• HTTP Request Smuggling on vpn.lob.com - by 0X0 (painreigns)

File Upload

• Webshell via File Upload on ecjobs.starbucks.com.cn - by johnstone
• Facebook Messenger server random memory exposure through corrupted GIF image - by @xdzmitry
• A Tale of Exploitation in Spreadsheet File Conversions - by @bbuerhaus@daeken@erbbysam@smiegles

Automation

• Fasten your Recon process using Shell Scripting - by Mohd Shibli
• Beginner’s Guide to recon automation - by Ashish Jha
• Burp Suite tutorial: IDOR vulnerability automation using Autorize and AutoRepeater (bug bounty) - by STÖK & Fisher

Buffer Overflow

• Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty - by Sam Curry

IDOR

• Steal Earning of Airbnb hosts by Adding Bank Account/Payment Method - by Vijay Kumar
• GraphQL IDOR leads to information disclosure - by @R0X4R
• From Multiple IDORs leading to Code Execution on a different Host Container by @Rahul_R95

Misc

• Notes about Nahamsecs Recon Sessions by maverickNerd
• Writing a Simple Buffer Overflow Exploit by LiveOverflow
• Hacking GitHub with Unicode's dotless 'i'
• Abusing autoresponders and email bounces by securinti
• Abusing HTTP hop-by-hop request headers by @nj_dav
• Cracking reCAPTCHA, Turbo Intruder style by James Kettle

---

back to Intro Page