AllAboutBugBounty: All about bug bounty (bypasses, payloads, and etc)

Skip to content

Navigation Menu

• • GitHub CopilotWrite better code with AI

  • SecurityFind and fix vulnerabilities

  • ActionsAutomate any workflow

  • CodespacesInstant dev environments

  • IssuesPlan and track work

  • Code ReviewManage code changes

  • DiscussionsCollaborate outside of code

  • Code SearchFind more, search less

• Explore

  • Learning Pathways

  • White papers, Ebooks, Webinars

  • Customer Stories

  • Partners

  • Executive Insights

• • GitHub SponsorsFund open source developers

  • The ReadME ProjectGitHub community articles

• • Enterprise platformAI-powered developer platform

• Pricing

All about bug bounty

These are my bug bounty notes that I have gathered from various sources, you can contribute to this repository too

List Vulnerability

• Arbitrary File Upload
• CRLF Injection
• Cross Site Request Forgery (CSRF)
• Cross Site Scripting (XSS)
• Denial of Service (DoS)
• Exposed Source Code
• Host Header Injection
• Insecure Direct Object References (IDOR)
• Local File Inclusion (LFI)
• Mass Assignment
• NoSQL Injection (NoSQLi)
• OAuth Misconfiguration
• Open Redirect
• Reflected File Download (RFD)
• Remote File Inclusion (RFI)
• Server Side Include Injection (SSI Injection)
• Server Side Request Forgery
• SQL Injection (SQLi)
• Web Cache Deception
• Web Cache Poisoning

List Bypass

• Bypass 2FA
• Bypass 403
• Bypass 429
• Bypass Captcha

Checklist

• Forgot Password Functionality
• Register Functionality SOON!

CVES

Miscellaneous

• Account Takeover
• Broken Link Hijacking
• Business Logic Errors
• Default Credentials
• Email Spoofing
• JWT Vulnerabilities
• Tabnabbing

Technologies

• Apache (HTTP Server)
• Confluence
• Grafana
• HAProxy
• Jenkins
• Jira
• Joomla
• Laravel
• Moodle
• Nginx
• WordPress
• Zend

Reconnaissance

• Scope Based Recon
• Github Dorks
• Google Dorks
• Shodan Dorks

To-Do-List

• Tidy up the reconnaisance folder

• Added more lesser known web attacks

• Added CVEs folder

• Writes multiple payload bypasses for each vulnerability

  • Payload XSS for each WAF (Cloudflare, Cloudfront, AWS, etc)

  • Payload SQL injection for each WAF (Cloudflare, Cloudfront)