2021-02-04 00:08:28 +00:00
|
|
|
# All about bug bounty
|
2021-02-08 11:35:49 +00:00
|
|
|
These are my bug bounty notes that I have gathered from various sources, you can contribute to this repository too!
|
2021-02-04 00:08:28 +00:00
|
|
|
|
2021-07-21 15:38:57 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2022-07-09 15:35:32 +00:00
|
|
|
## List Vulnerability
|
2022-06-15 10:38:42 +00:00
|
|
|
- [Arbitrary File Upload](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Arbitrary%20File%20Upload.md)
|
2022-06-22 04:41:21 +00:00
|
|
|
- [CRLF Injection](https://github.com/daffainfo/AllAboutBugBounty/blob/master/CRLF%20Injection.md)
|
2021-02-09 10:29:07 +00:00
|
|
|
- [Cross Site Request Forgery (CSRF)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Request%20Forgery.md)
|
2021-02-04 00:08:28 +00:00
|
|
|
- [Cross Site Scripting (XSS)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Scripting.md)
|
|
|
|
|
- [Denial of Service (DoS)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Denial%20Of%20Service.md)
|
2021-07-18 12:33:02 +00:00
|
|
|
- [Exposed Source Code](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Exposed%20Source%20Code.md)
|
2021-02-04 00:08:28 +00:00
|
|
|
- [Host Header Injection](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Host%20Header%20Injection.md)
|
2021-07-21 15:38:57 +00:00
|
|
|
- [Insecure Direct Object References (IDOR)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Insecure%20Direct%20Object%20References.md)
|
2022-06-18 14:40:38 +00:00
|
|
|
- [Local File Inclusion (LFI)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Local%20File%20Inclusion.md)
|
2022-07-09 15:35:32 +00:00
|
|
|
- [Mass Assignment](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Mass%20Assignment.md)
|
2023-02-01 03:22:13 +00:00
|
|
|
- [NoSQL Injection (NoSQLi)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/NoSQL%20Injection.md)
|
2021-07-21 15:38:57 +00:00
|
|
|
- [OAuth Misconfiguration](https://github.com/daffainfo/AllAboutBugBounty/blob/master/OAuth%20Misconfiguration.md)
|
|
|
|
|
- [Open Redirect](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Open%20Redirect.md)
|
2023-05-22 00:16:10 +00:00
|
|
|
- [Reflected File Download (RFD)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Reflected%20File%20Download.md)
|
2022-06-22 04:41:21 +00:00
|
|
|
- [Remote File Inclusion (RFI)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Remote%20File%20Inclusion.md)
|
2023-02-01 03:22:13 +00:00
|
|
|
- [Server Side Include Injection (SSI Injection)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Server%20Side%20Include%20Injection.md)
|
2022-11-08 11:29:04 +00:00
|
|
|
- [Server Side Request Forgery](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Server%20Side%20Request%20Forgery.md)
|
2023-02-01 03:22:13 +00:00
|
|
|
- [SQL Injection (SQLi)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/SQL%20Injection.md)
|
2022-11-08 11:29:04 +00:00
|
|
|
- [Web Cache Deception](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Web%20Cache%20Deception.md)
|
2021-02-08 11:35:49 +00:00
|
|
|
- [Web Cache Poisoning](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Web%20Cache%20Poisoning.md)
|
2021-02-04 00:08:28 +00:00
|
|
|
|
|
|
|
|
## List Bypass
|
|
|
|
|
- [Bypass 2FA](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%202FA.md)
|
|
|
|
|
- [Bypass 403](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20403.md)
|
2021-11-13 23:21:02 +00:00
|
|
|
- [Bypass 429](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20429.md)
|
2021-02-04 00:08:28 +00:00
|
|
|
- [Bypass Captcha](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Captcha.md)
|
|
|
|
|
|
2023-02-01 03:22:13 +00:00
|
|
|
## Checklist
|
|
|
|
|
- [Forgot Password Functionality](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Checklist/Forgot%20Password.md)
|
|
|
|
|
- Register Functionality SOON!
|
|
|
|
|
|
|
|
|
|
## CVEs
|
|
|
|
|
- CVEs 2021 (https://github.com/daffainfo/AllAboutBugBounty/blob/master/CVEs/2021)
|
|
|
|
|
- CVEs 2022 (SOON)
|
|
|
|
|
- CVEs 2023 (SOON)
|
|
|
|
|
|
2021-02-04 00:08:28 +00:00
|
|
|
## Miscellaneous
|
2021-02-09 02:15:31 +00:00
|
|
|
- [Account Takeover](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Account%20Takeover.md)
|
2021-02-09 10:29:07 +00:00
|
|
|
- [Broken Link Hijacking](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Broken%20Link%20Hijacking.md)
|
2023-05-22 00:10:26 +00:00
|
|
|
- [Business Logic Errors](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Business%20Logic%20Errors.md)
|
2021-07-30 10:43:35 +00:00
|
|
|
- [Default Credentials](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Default%20Credentials.md)
|
2021-02-09 10:29:07 +00:00
|
|
|
- [Email Spoofing](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Email%20Spoofing.md)
|
|
|
|
|
- [JWT Vulnerabilities](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/JWT%20Vulnerabilities.md)
|
|
|
|
|
- [Tabnabbing](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Tabnabbing.md)
|
2021-07-21 15:38:57 +00:00
|
|
|
|
|
|
|
|
## Technologies
|
2022-06-22 04:41:21 +00:00
|
|
|
- [Apache (HTTP Server)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Apache%20HTTP%20Server.md)
|
2022-06-19 12:33:16 +00:00
|
|
|
- [Confluence](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Confluence.md)
|
2021-11-13 23:21:02 +00:00
|
|
|
- [Grafana](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Grafana.md)
|
|
|
|
|
- [HAProxy](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/HAProxy.md)
|
2022-11-08 11:29:04 +00:00
|
|
|
- [Jenkins](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Jenkins.md)
|
2021-07-21 15:38:57 +00:00
|
|
|
- [Jira](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Jira.md)
|
2022-07-09 15:35:32 +00:00
|
|
|
- [Joomla](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Joomla.md)
|
2022-06-15 10:38:42 +00:00
|
|
|
- [Laravel](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Laravel.md)
|
2022-11-08 11:29:04 +00:00
|
|
|
- [Moodle](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Moodle.md)
|
2021-11-14 01:01:33 +00:00
|
|
|
- [Nginx](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Nginx.md)
|
2022-06-15 10:38:42 +00:00
|
|
|
- [WordPress](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/WordPress.md)
|
|
|
|
|
- [Zend](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Zend.md)
|
2021-02-04 00:08:28 +00:00
|
|
|
|
|
|
|
|
## Reconnaissance
|
2022-07-09 15:35:57 +00:00
|
|
|
- [Scope Based Recon](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Reconnaissance/Scope.md)
|
|
|
|
|
- [Github Dorks](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Reconnaissance/Github%20Dorks.md)
|
|
|
|
|
- [Google Dorks](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Reconnaissance/Google%20Dorks.md)
|
|
|
|
|
- [Shodan Dorks](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Reconnaissance/Shodan%20Dorks.md)
|
2021-02-04 00:08:28 +00:00
|
|
|
|
2022-07-09 15:54:53 +00:00
|
|
|
## To-Do-List
|
|
|
|
|
- [ ] Tidy up the reconnaisance folder
|
2023-05-22 00:10:26 +00:00
|
|
|
- [ ] Added more lesser known web attacks
|
2022-11-18 11:58:34 +00:00
|
|
|
- [x] Added CVEs folder
|
2022-07-09 15:54:53 +00:00
|
|
|
- [ ] Writes multiple payload bypasses for each vulnerability
|
2022-11-08 11:29:04 +00:00
|
|
|
- [x] Payload XSS for each WAF (Cloudflare, Cloudfront, AWS, etc)
|
2022-07-09 15:54:53 +00:00
|
|
|
- [ ] Payload SQL injection for each WAF (Cloudflare, Cloudfront)
|
