👨🏻‍💻 Bug Bounty Blogs and Writeups of different vulnerablities

https://medium.com/@aysebilgegunduz/everything-you-need-to-know-about-idor-insecure-direct-object-references-375f83e03a87
https://corneacristian.medium.com/top-25-idor-bug-bounty-reports-ba8cd59ad331
https://medium.com/bugbountywriteup/all-about-getting-first-bounty-with-idor-849db2828c8
https://medium.com/bugbountywriteup/a-short-story-of-idor-to-account-takeover-b36f3983ecba
https://medium.com/@swapmaurya20/a-simple-idor-to-account-takeover-88b8a1d2ec24
https://mustafakemalcan.com/insecure-direct-object-reference-idor-tips/
https://medium.com/bugbountywriteup/pii-leakage-via-idor-weak-passwordreset-full-account-takeover-58d159f88d73
https://medium.com/bugbountywriteup/a-short-story-of-idor-to-account-takeover-b36f3983ecba
https://xploitprotocol.medium.com/hunt-for-the-idor-automation-using-burp-suit-a09f004a9d9d
https://medium.com/@abhiunix/idor-on-api-endpoints-e08c740e87a2
https://medium.com/@cobrabaghdad1/idor-lead-to-personally-identifiable-information-pii-leakage-fb2b1b4be93f

Video POC

https://www.youtube.com/watch?v=e1X2zyAZbcs&ab_channel=AliT%C3%9CT%C3%9CNC%C3%9C

Stored XSS POC

https://www.youtube.com/watch?v=EjuDr5bLNek&ab_channel=AliT%C3%9CT%C3%9CNC%C3%9C
https://www.youtube.com/watch?v=FPrNEv9a588&ab_channel=AliT%C3%9CT%C3%9CNC%C3%9C

Security Creators Videos

📅 03-Dec-2020

Host `docker` binary overwrite from Kata VM - Alex Chapman

https://bugcrowd.com/disclosures/7bf77429-2b94-44ea-b6f9-c1fc59b2fd17/host-docker-binary-overwrite-from-kata-vm

Abusing Docker API

https://dreamlab.net/en/blog/post/abusing-exposed-docker-registry-apis/

Open redirect Bypass H1 - Report

https://hackerone.com/reports/972601

📅 08-Jan-2021

Android Pentesting : Drozer

https://www.hackingarticles.in/android-penetration-testing-drozer/

📅 21-Jan-2021

Android Hacking

https://yasoob.me/posts/reverse-engineering-android-apps-apktool/
https://joshspicer.com/android-frida-1
https://book.hacktricks.xyz/mobile-apps-pentesting/android-app-pentesting/frida-tutorial
https://resources.infosecinstitute.com/topic/frida/#gref
https://frida.re/docs/examples/android/

📅 21-Jan-2021

GraphQL Hacking Explained

https://medium.com/csg-govtech/closing-the-loop-practical-attacks-and-defences-for-graphql-apis-138cb667aaff

📅 01-Dec-2020

H1 Reports

Gitlab - Unauthorized user is able to access schedule pipeline variables and values

https://hackerone.com/reports/962462

Affirm - Absence of Token expiry leads to Unauthorized login Access

https://hackerone.com/reports/766578

Ticket Trick

https://hackerone.com/reports/999765

📅 07-Jan-2021

Asset Discovery

https://0xpatrik.com/asset-discovery/

Patrick Hudak

https://0xpatrik.com/

Subdomain Takeover POC

https://0xpatrik.com/takeover-proofs/

---------------------------------------------------------- 👉 Back to Main Page 👈 ---------------------------------------------------------

Files

Bug_bounty_blogs.md

Latest commit

History

Bug_bounty_blogs.md

File metadata and controls

👨🏻‍💻 Bug Bounty Blogs and Writeups of different vulnerablities

This is how they hacked Apple

HTTP Request Smuggling Tips from honoki

XSS in PhantomJS

Exploiting Open Redirect Vulnerabilities

HTML Injection

Leveraging XSS to Read Internal Files

Unauthenticated Account Takeover through HTTP Leak

Account Takeover via IDOR in Starbucks Singapore

CSRF Exploiting in JSON Endpoint

Find Sensitive Information via Source Code

Exploiting Admin Panel Like a Boss

🐞 BugPoC LFI Challenge

Powerfull HTTP Request Smugling

Ticket Tricks

How I hacked hundreds of companies through their helpdesk

Weaponizing XSS For Fun & Profit😆😂🤣

Shodan Pentesting Guide

Hacking HTTP CORS from inside out: a theory to practice approach

HTTP Request Smuggling

Bad Neighbour Vulnerability

RCE via git option injection (almost) - $20,000 Bounty

How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM

Compromising S3 Buckets through Misconfigured AWS Cognito

Gateway2Hell – Multiple Privilege Escalation Vulnerabilities in Citrix Gateway Plug-In - Cymptom

Multiple Address Bar Spoofing Vulnerabilities In Mobile Browsers

IDOR and SQL Injection

Recon and Hacking tip blog

XXE

Open Redirect via unknown technique

📅 10-Nov-2020

Intigriti November XSS Challenge

📅 11-Nov-2020

JWT Hacking

CVE-2020-11518: how I bruteforced my way into your Active Directory

Sp1d3R's Security Blog

Apple Hack by JWT

Google cloud shell Account Takeover as Root

Business Logic Error to ATO

Apache Tomcat RCE

PLay with Google, Twitter, Apple and Dell

CVE-2020–14882 Weblogic Unauthorized bypass RCE

Facebook Messenger Leaking Access Token in IOS

Unique XXE to AWS Keys journey

From blind XXE to root level file read

Steal All cookies from Firefox Android

RCE via Server-Side Template Injection

Tale of 3-vulnerabilities-to-account-takeover

XXE in an E-Commerce IOS Application

Exploiting-dynamic-rendering-engines-to-take-control-of-web-apps

SSL Pinning with FRIDA

HTTP Request Smuggling Twitter

HTTP Request Smuggling Portswigger

XSS on Issue Reference in Github - H1 Report

XSS Challenge - H1 Report

API Security CTF

Synk Blog

GraphQL Hack in Shopify Privilege Escalation

Alex Chapman's Blog

Exlpoiting SpringBoot Actuator - Veracode

IDOR Writeup Blogs