brawnysec/365x5

365x5

This repository is to track my progress of reading a minimum of 5 reports or writeups/blogs each day for 365 consecutive days

Inspired by AkashHamal0x01 and Mohsin Khan, I am also going to learn and share my progress with you for the next 365 days.

Date / Topics

May-01
- Design Flaw: A Tale of Permanent DOS
- CORS Misconfiguration
- Broken Access Control Logic
- Forced Browsing leading to privilege escalation
- Forced Browsing on HackerOne

May-02
- Account Takeover by clicking the link in the same session
- Some tips for novice bug hunters by Mohsin Khan
- Mindset for hacking GraphQL Applications
- Getting Paid Services for free through IDOR
- IDOR leading to Account Takeover in one of Europe's largest media companies

May-03
- An overview of CSRF
- Pentesting a porn site by Jason Haddix
- [Some of the other CSRF reports linked in today's first blog]

May-04
- Request Smuggling
- Request Smuggling in Apple
- Bypass Apple Corp SSO on Apple Admin Panel
- Privacy Disclosure on FB Lite after creating a post
- See hidden like/dislike count on YouTube Shorts

May-05
- HTTP Request Smuggling video by Spin The Hack
- HTTP Request Smuggling Lab solved by Spin The Hack
- Spoofing ENS Domains
- About SSRF
- About Blind SSRF

May-06
- Out-of-band Application Security Testing (OAST)
- SSRF via ?url= parameter
- Shopify domain takeover
- SSRF in Dropbox
- SSRF in Shopify leading to RCE

May-07
- IDOR in TikTok
- Bypassing Email verification in Reddit Ads
- The $16000 Developer Mistake
- Chaining multiple low-level vulns into a Critical
- Chaining several IDORs into Account Takeover

May-08: Break

May-09
- Remotely and permanently crash any Instagram user via permanent DOS in user DM
- Disclose Ad Accounts linked with Instagram Accounts
- Disclose WhatsApp Number of Instagram Accounts
- Dependency confusion in tech giants
- Global default settings page is accessible to non-administrators

May-10
- Many things about WSL vs VirtualBox from Google
- Hunting in private programs

May-11
- Hunting in private programs

May-12
- How to learn anything faster
- Storage of old passwords in plain text format
- How to write a BB report that actually gets paid?
- Complete compromise of a password manager site
- Attacker could attach their own tournament to any live video

May-13
- Open redirect in Instagram opentap flow
- Know undisclosed Bounty Amount when Bounty Statistics are enabled
- "Bounties paid in the last 90 days" discloses the undisclosed bounty amount in program statistics
- Total Bounty Paid can be disclosed
- Forging OAuth tokens using discovered client id and client secret

May-14
- How I was able to bypass WAF and find the origin IP and a few sensitive files
- Stored XSS in Shopify
- Origin IP found, WAF Cloudflare Bypass
- Origin IP found, Cloudflare bypassed
- Easy to find vulnerabilities that might get paid

May-15
- How a pentester's attempt to be 'as realistic as possible' alarmed cybersecurity firms
- Multiple bugs chained to take over Facebook Accounts which use Gmail
- Disclose customer order details via the Shopify chat application
- Disclose STAFF member name and make actions
- Some 2FA bypassing techniques

May-16
- Security misconfiguration in magic link
- HTTP Request Smuggling in Transform Rules using hexadecimal escape sequences in the concat() function
- My New Discovery In Oracle E-Business Login Panel That Allowed Access To All Employees' Information & In Some Cases Passwords At More Than 1000 Companies
- [1] OrwaGodFather Methodology: How I Found Bugs In Small Scope And Tips [Think Out The House]
- Privilege Escalation on TikTok for Business

May-17: Bounty Celebration Day

May-18
- Lack of access control on edit packing slip template
- Broken access control, can lead to legitimate user data loss
- Improper access control on adding a Register to an Outlet
- IDOR to view order information of users and personal information
- Global default settings page is accessible to non-administrators

May-19
- $4300 Instagram IDOR Bug (2022)
- WhatsApp Bug Bounty: Bypassing biometric authentication using VoIP
- How I found the Authentication Bypass bug and earned $$$$
- Email HTML Injection
- Gain reputation by creating a duplicate of an existing report

May-20 (Day 18)
- Sensitive files/data exist post deletion of user account
- Everything you need to know about FFUF
- Bypassing HttpOnly with phpinfo file
- Leveraging HttpOnly Cookies via XSS Exploitation with XHR Response Chaining
- IDOR vulnerability allows access to user's personal data

May-21 (Day 19)
- A business logic issue worth $1500
- Microsoft IDOR: Changing Other User Discussion
- Facebook's Burglary Shopping List
- My first Google HOF
- Hacking Dutch Government For a lousy T-shirt

May-22 (Day 20)
- HTML Injection with XSS possible
- How I got a lousy T-Shirt from the Dutch Government
- Basic cURL Tutorial
- SITE WIDE CSRF ON GLASSDOOR
- Beginner's Guide to HTTPX: Installation and Usage

May-23 (Day 21)
- How I approached Dependency Confusion!
- Dependency Confusion Pt. 1: The Setup, Packages, Private Registry
- Dependency Confusion Pt. 2 (Final Part): Exploiting Dependency Injection
- Vulnerability In PayPal worth $200,000 bounty, Attacker can Steal Your Balance by One-Click
- 2FA Bypass on private bug bounty program due to improper caching mechanism

May-24 (Day 22)
- 2FA Bypass on private bug bounty program due to CSRF token misconfiguration
- It's all about 2FA bypass, or Account Takeover
- 2FA bypass again
- How I Get Bounty From Takeover Account
- OTP bypass via response manipulation

May-25 (Day 23)
- How I used a company email to send emails (a P3 severity bug)
- Find hidden input using Param Miner Burp Suite Extension
- P1 Bug: PII information disclosure
- Worst bug bounty sites you should avoid
- OTP Bypass on Vahak.in

May-26 (Day 24)
- Blind XSS in app.pullrequest.com/████████ via /reviews/ratings/{uuid}
- IDOR when editing users leads to Account Takeover without User Interaction at CrowdSignal
- Race Condition when following a user
- Hunting

May-27 (Day 25)
- Hunting on private programs

May-28 (Day 26)
- Hunting on private programs

May-29 to June-2: Burnout

June-3 (Day 27)
- How I Found a company's internal S3 Bucket with 41k Files
- How I Get Bounty From Takeover Account
- Breaking Reverse Proxy Parser Logic

June-4 (Day 28)
- How We Are Able To Hack Any Company By Sending Message: $20,000 Bounty, CVE-2021-34506
- MetaMask Awards Bug Bounty for Clickjacking Vulnerability

July-05 (Day 29)
- If It's a Feature!!! Let's Abuse It for $750
- SHA: Secure Hashing Algorithm - Computerphile
- Burp Suite 2: Decoder Tool
- Burp Suite 2: Inspecting Web Sockets
- How to test WebSockets with Burp Suite

July-06 (Day 30)
- How to Exploit WebSocket: WebSocket for Beginners
- An invite-only program's submission state is accessible to users no longer part of the program
- Unauthorized User Can Delete Any User Account
- Account deletion requests not entirely honoured. Misinformation even after seeking clarification from customer support.
- Restricted user can view all account invoices, payment method details, PII of account owner through zoura_api endpoints

July-07 (Day 31)
- My updated bug bounty resources
- Messenger leaking victim's video even though victim gets popup/whole screen UI saying his video isn't being shared
- Sensitive Info Leak: An Attacker Can Retrieve All the Users' Mobile Numbers at https://website-api.production.curve.app/api/waitlist/us
- Able to approve admin approval and change effective status without adding payment details
- Able to bypass email verification and change email to any other user's email

July-08 (Day 32)
- Shopify GitHub Login and Password exposed; all private source code might be available
- Free VPS trick for BUG BOUNTY HUNTERS

July-12 (Day 33)
- Collaborators and Staff members without all necessary permissions are able to create, edit and install custom apps
- Access control worth $2000 (everyone missed this IDOR + Access control between two admins)
- Able to view HackerOne report attachments
- EXIF metadata not stripped from JPG group logos
- Hacking: Always check out the Images

July-13 (Day 34)
- Leveraging SQL injection to execute XSS by evading CSP
- [CVE-2021-44228] nps.acronis.com is vulnerable to the recent log4shell 0-day
- One Click XSS in [www.shopify.com]

July-16 (Day 35)
- [h1-2102] shopApps query from the graphql at /users/api returns all existing created apps, including private ones
