All about bug bounty

These are my bug bounty notes that I have gathered from various sources, you can contribute to this repository too!

List Vulnerability

• Arbitrary File Upload

• CRLF Injection

• Cross Site Request Forgery (CSRF)

• Cross Site Scripting (XSS)

• Denial of Service (DoS)

• Exposed Source Code

• Host Header Injection

• Insecure Direct Object References (IDOR)

• Local File Inclusion (LFI)

• Mass Assignment

• NoSQL Injection (NoSQLi)

• OAuth Misconfiguration

• Open Redirect

• Reflected File Download (RFD)

• Remote File Inclusion (RFI)

• Server Side Include Injection (SSI Injection)

• Server Side Request Forgery

• SQL Injection (SQLi)

• Web Cache Deception

• Web Cache Poisoning

List Bypass

• Bypass 2FA

• Bypass 403

• Bypass 429

• Bypass Captcha

Checklist

• Forgot Password Functionality

• Register Functionality SOON!

CVEs

• CVEs 2021 (https://github.com/daffainfo/AllAboutBugBounty/blob/master/CVEs/2021)

• CVEs 2022 (SOON)

• CVEs 2023 (SOON)

Miscellaneous

• Account Takeover

• Broken Link Hijacking

• Business Logic Errors

• Default Credentials

• Email Spoofing

• JWT Vulnerabilities

• Tabnabbing

Technologies

• Apache (HTTP Server)

• Confluence

• Grafana

• HAProxy

• Jenkins

• Jira

• Joomla

• Laravel

• Moodle

• Nginx

• WordPress

• Zend

Reconnaissance

• Scope Based Recon

• Github Dorks

• Google Dorks

• Shodan Dorks

To-Do-List

• Tidy up the reconnaisance folder

• Added more lesser known web attacks

• Added CVEs folder

• Writes multiple payload bypasses for each vulnerability

  • Payload XSS for each WAF (Cloudflare, Cloudfront, AWS, etc)

  • Payload SQL injection for each WAF (Cloudflare, Cloudfront)