4de1c37713 | ||
---|---|---|
Bypass | ||
CVEs/2021 | ||
Checklist | ||
Misc | ||
Reconnaissance | ||
Technologies | ||
Arbitrary File Upload.md | ||
CRLF Injection.md | ||
Cross Site Request Forgery.md | ||
Cross Site Scripting.md | ||
Denial Of Service.md | ||
Exposed Source Code.md | ||
Host Header Injection.md | ||
Insecure Direct Object References.md | ||
Local File Inclusion.md | ||
Mass Assignment.md | ||
NoSQL Injection.md | ||
OAuth Misconfiguration.md | ||
Open Redirect.md | ||
README.md | ||
Reflected File Download.md | ||
Remote File Inclusion.md | ||
SQL Injection.md | ||
Server Side Include Injection.md | ||
Server Side Request Forgery.md | ||
Web Cache Deception.md | ||
Web Cache Poisoning.md |
README.md
All about bug bounty
These are my bug bounty notes that I have gathered from various sources, you can contribute to this repository too!
List Vulnerability
- Arbitrary File Upload
- CRLF Injection
- Cross Site Request Forgery (CSRF)
- Cross Site Scripting (XSS)
- Denial of Service (DoS)
- Exposed Source Code
- Host Header Injection
- Insecure Direct Object References (IDOR)
- Local File Inclusion (LFI)
- Mass Assignment
- NoSQL Injection (NoSQLi)
- OAuth Misconfiguration
- Open Redirect
- Reflected File Download (RFDD)
- Remote File Inclusion (RFI)
- Server Side Include Injection (SSI Injection)
- Server Side Request Forgery
- SQL Injection (SQLi)
- Web Cache Deception
- Web Cache Poisoning
List Bypass
Checklist
- Forgot Password Functionality
- Register Functionality SOON!
CVEs
- CVEs 2021 (https://github.com/daffainfo/AllAboutBugBounty/blob/master/CVEs/2021)
- CVEs 2022 (SOON)
- CVEs 2023 (SOON)
Miscellaneous
- Account Takeover
- Broken Link Hijacking
- Business Logic Errors
- Default Credentials
- Email Spoofing
- JWT Vulnerabilities
- Tabnabbing
Technologies
- Apache (HTTP Server)
- Confluence
- Grafana
- HAProxy
- Jenkins
- Jira
- Joomla
- Laravel
- Moodle
- Nginx
- WordPress
- Zend
Reconnaissance
To-Do-List
- Tidy up the reconnaisance folder
- Added more lesser known web attacks
- Added CVEs folder
- Writes multiple payload bypasses for each vulnerability
- Payload XSS for each WAF (Cloudflare, Cloudfront, AWS, etc)
- Payload SQL injection for each WAF (Cloudflare, Cloudfront)