Skip to content
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
Branch: master
Clone or download

Latest commit

Latest commit 825bde4 Apr 1, 2020

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md Deleted dead links Apr 1, 2020

README.md

Bug Bounty Reference

A list of bug bounty write-up that is categorized by the bug nature, this is inspired by https://github.com/djadmin/awesome-bug-bounty

Introduction

I have been reading for Bug Bounty write-ups for a few months, I found it extremely useful to read relevant write-up when I found a certain type of vulnerability that I have no idea how to exploit. Let say you found a RPO (Relativce Path Overwrite) in a website, but you have no idea how should you exploit that, then the perfect place to go would be here. Or you have found your customer is using oauth mechanism but you have no idea how should we test it, the other perfect place to go would be here

My intention is to make a full and complete list of common vulnerability that are publicly disclosed bug bounty write-up, and let Bug Bounty Hunter to use this page as a reference when they want to gain some insight for a particular kind of vulnerability during Bug Hunting, feel free to submit pull request. Okay, enough for chit-chatting, let's get started.

Cross-Site Scripting (XSS)

Brute Force

SQL Injection

Stealing Access Token

Google oauth bypass

CSRF

Remote Code Execution

Deserialization

Image Tragick

Direct Object Reference (IDOR)

XXE

Unrestricted File Upload

Server Side Request Forgery (SSRF)

Race Condition

Business Logic Flaw

Authentication Bypass

HTTP Header Injection

Subdomain Takeover

XSSI

Email Related

Money Stealing

2017 Local File Inclusion

Miscellaneous

You can’t perform that action at this time.