
a list of bug bounty write-up that is categorized by the bug nature

Bug Bounty Reference

A list of bug bounty write-ups categorized by the nature of the bug, inspired by https://github.com/djadmin/awesome-bug-bounty

Introduction

I have been reading Bug Bounty write-ups for a few months. I found it extremely useful to read a relevant write-up when I found a certain type of vulnerability that I had no idea how to exploit. Let's say you found an RPO (Relative Path Overwrite) in a website, but you have no idea how you should exploit it, then the perfect place to go would be here. Or you have found your customer is using an OAuth mechanism but you have no idea how to test it, the other perfect place to go would be here.

My intention is to make a full and complete list of common vulnerabilities that are covered in publicly disclosed bug bounty write-ups, and to let bug bounty hunters use this page as a reference when they want to gain some insight into a particular kind of vulnerability during bug hunting. Feel free to submit a pull request. Okay, enough chit-chat, let's get started.

Cross-Site Scripting (XSS)

External XML Entity Attack (XXE)

Remote Code Execution (RCE)

Cross-Site Request Forgery (CSRF)

Insecure Direct Object Reference (IDOR)

Stealing Access Token

Google Oauth Login Bypass

Server Side Request Forgery (SSRF)

Unrestricted File Upload

Authentication Bypass

HTTP Header Injection

Cross-Site Scripting (XSS)

Sleeping stored Google XSS Awakens a $5000 Bounty by Patrik Fehrenbach

RPO that lead to information leakage in Google by filedescriptor

God-like XSS, Log-in, Log-out, Log-in in Uber by Jack Whitton

Three Stored XSS in Facebook by Nirgoldshlager

Using a Braun Shaver to Bypass XSS Audit and WAF by Frans Rosen

An XSS on Facebook via PNGs & Wonky Content Types by Jack Whitton (he is able to make stored XSS from an irrelevant domain to the main Facebook domain)

Stored XSS in *.ebay.com by Jack Whitton

Complicated, Best Report of Google XSS by Ramzes

Tricky Html Injection and Possible XSS in sms-be-vip.twitter.com by secgeek

Command Injection in Google Console by Venkat S

Facebook's Moves - OAuth XSS by PAULOS YIBELO

Stored XSS in Google Docs (Bug Bounty) by Harry M Gertos

Stored XSS on developer.uber.com via admin account compromise in Uber by James Kettle (albinowax)

Yahoo Mail stored XSS by Klikki Oy

Abusing XSS Filter: One ^ leads to XSS (CVE-2016-3212) by Masato Kinugawa

Youtube XSS by fransrosen

Best Google XSS again - by Krzysztof Kotowicz

IE & Edge URL parsing Problem - by detectify

Google XSS subdomain Clickjacking

Microsoft XSS and Twitter XSS

Google Japan Book XSS

Flash XSS mega nz - by frans

Flash XSS in multiple libraries - by Olivier Beg

xss in google IE, Host Header Reflection

Years ago Google xss

xss in google by IE weird behavior

xss in Yahoo Fantasy Sport

xss in Yahoo Mail Again, worth $10000 by Klikki Oy

Sleeping XSS in Google by securityguard

Decoding a .htpasswd to earn a payload of money by securityguard

Google Account Takeover

AirBnb Bug Bounty: Turning Self-XSS into Good-XSS #2 by geekboy

Uber Self XSS to Global XSS

How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) by Marin Moulinier

Airbnb When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities by Brett

XSSI, Client Side Brute Force

postMessage XSS Bypass

XSS in Uber via Cookie by zhchbin

Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP by frans

XSS due to improper regex in third party js Uber 7k XSS

XSS in TinyMCE 2.4.0 by Jelmer de Hen

Pass uncoded URL in IE11 to cause XSS

Twitter XSS by stopping redirection and javascript scheme by Sergey Bobrov

Auth DOM Uber XSS

Managed Apps and Music: two Google reflected XSSes

App Maker and Colaboratory: two Google stored XSSes

XSS in www.yahoo.com

Stored XSS, and SSRF in Google using the Dataset Publishing Language

Stored XSS on Snapchat

Brute Force

Web Authentication Endpoint Credentials Brute-Force Vulnerability by Arne Swinnen

InstaBrute: Two Ways to Brute-force Instagram Account Credentials by Arne Swinnen

How I Could Compromise 4% (Locked) Instagram Accounts by Arne Swinnen

Possibility to brute force invite codes in riders.uber.com by r0t

Brute-Forcing invite codes in partners.uber.com by Efkan Gökbaş (mefkan)

How I could have hacked all Facebook accounts by Anand Prakash

Facebook Account Take Over by using SMS verification code, not accessible by now, may get update from author later by Arun Sureshkumar

SQL Injection

SQL injection in Wordpress Plugin Huge IT Video Gallery in Uber by glc

SQL Injection on sctrack.email.uber.com.cn by Orange Tsai

Yahoo Root Access SQL Injection tw.yahoo.com by Brett Buerhaus

Multiple vulnerabilities in a WordPress plugin at drive.uber.com by Abood Nour (syndr0me)

GitHub Enterprise SQL Injection by Orange

Yahoo SQL Injection to Remote Code Execution to Root Privilege by Ebrahim Hegazy

Stealing Access Token

Facebook Access Token Stolen by Jack Whitton

Obtaining Login Tokens for an Outlook, Office or Azure Account by Jack Whitton

Bypassing Digits web authentication's host validation with HPP by filedescriptor

Bypass of redirect_uri validation with /../ in GitHub by Egor Homakov

Bypassing callback_url validation on Digits by filedescriptor

Stealing livechat token and using it to
