Biscuit's Bug Bounty Playbook

Miscellaneous Reports


Last updated 1 month ago

Zoom Session Takeover - Cookie Tossing Payloads, OAuth Dirty Dancing, Browser Permissions Hijacking, and WAF abuse (Harel Security Research)
aem bug medium - Google Search (Google)
Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies (Medium)
Redacted bugs #3: Hunting for bugs worth $7,750 in an adult app (SecurityRise)
Gift card security research (SecurityRise)
How you could get hacked at a coffee shop | Cyber Security | Muqsit Baig (mqst)
I’m Lovin’ It: Exploiting McDonald’s APIs to hijack deliveries and order food for a penny
HackerOne disclosed on HackerOne: LLM03: Training Data Poisoning... (HackerOne)
A list of good wordlists for bug bounty hunters | by loyalonlytoday - Freedium
Hacking Swagger UI - 101 (InfoSec Write-ups)
LDAP — Ports 389, 636, 3268, 3269 — How to exploit? (Medium)
Using YouTube to steal your files (lyra's epic blog)