Arbitrary File Upload
CRLF Injection
Cross Site Request Forgery
XSS Cheat Sheet (Basic)
- Mind Map
- Top 25 Cross-Site Scripting (XSS) Parameters
Denial of Service
Exposed Source Code
Host Header Injection
Insecure Direct Object Reference (IDOR)
Local File Inclusion
Mass Assignment Attack
NoSQL Injection
OAuth Misconfiguration
On-Site Request Forgery (OSRF)
Open Redirect
- Top 25 Open Redirect Parameters
Remote Code Execution
- Top 25 Remote Code Execution (RCE) Parameters [GET based]
All about bug bounty
Reflected File Download
Remote File Inclusion
SQL Injection
Server Side Include Injection (SSI Injection)
Server Side Request Forgery (SSRF)
- Mindmap
- Top 25 Server-Side Request Forgery (SSRF) Parameters
Web Cache Deception
Web Cache Poisoning
Bypass
Checklist
- Forgot Password
- OWASP Web Application Security Testing Checklist
Misc
Reconnaissance
Technologies

Powered by GitBook

On this page

List Vulnerability
List Bypass
Checklist
CVEs
Miscellaneous
Technologies
Reconnaissance
To-Do-List

All about bug bounty

PreviousTop 25 Remote Code Execution (RCE) Parameters [GET based]NextReflected File Download

Last updated 1 year ago

These are my bug bounty notes that I have gathered from various sources, you can contribute to this repository too!

List Vulnerability

Arbitrary File Upload
CRLF Injection
Cross Site Request Forgery (CSRF)
Cross Site Scripting (XSS)
Denial of Service (DoS)
Exposed Source Code
Host Header Injection
Insecure Direct Object References (IDOR)
Local File Inclusion (LFI)
Mass Assignment
NoSQL Injection (NoSQLi)
OAuth Misconfiguration
Open Redirect
Reflected File Download (RFD)
Remote File Inclusion (RFI)
Server Side Include Injection (SSI Injection)
Server Side Request Forgery
SQL Injection (SQLi)
Web Cache Deception
Web Cache Poisoning

List Bypass

Bypass 2FA
Bypass 403
Bypass 429
Bypass Captcha

Checklist

Forgot Password Functionality
Register Functionality SOON!

CVEs

CVEs 2021 (https://github.com/daffainfo/AllAboutBugBounty/blob/master/CVEs/2021)
CVEs 2022 (SOON)
CVEs 2023 (SOON)

Miscellaneous

Account Takeover
Broken Link Hijacking
Business Logic Errors
Default Credentials
Email Spoofing
JWT Vulnerabilities
Tabnabbing

Technologies

Apache (HTTP Server)
Confluence
Grafana
HAProxy
Jenkins
Jira
Joomla
Laravel
Moodle
Nginx
WordPress
Zend

Reconnaissance

Scope Based Recon
Github Dorks
Google Dorks
Shodan Dorks

To-Do-List

Tidy up the reconnaisance folder
Added more lesser known web attacks
Added CVEs folder
Writes multiple payload bypasses for each vulnerability
- Payload XSS for each WAF (Cloudflare, Cloudfront, AWS, etc)
- Payload SQL injection for each WAF (Cloudflare, Cloudfront)