Biscuit's Bug Bounty Playbook

👋Introduction to Biscuit's Bug Bounty Playbook
Mains
Learn Android Bug Bounty
- 🎥Video Tutorials
❤️YouTube Channels
📰Bug Bounty Reports
📚Blogs & Writeups
🏹GitHub Repository
👨‍👨‍👧Conference Talks
🖨️Automated Scanners
⚙️Intentionally Vulnerable Apps
🎱Learn Drozer For Android Pentesting
🪀Learn Frida For Android Pentesting
🏈Bypassing Security Protections in APKs via Objection and Frida
🪁Security Tools For Android Pentesting
🎹CLI Commands & Shortcuts
Bug Bounty Reports & Articles
4️Forced Browsing
Bug Bounty Platforms
Exploiting Technologies

Powered by GitBook

On this page

Bug Bounty Reports & Articles

1️⃣Takeover's (Accounts, Sub-domains, etc)

🚠Account Takeover

PreviousSub Domain Takeover Nextdependency confusion vulnerability

Last updated 16 days ago

0-Click Account Takeover Earned Me €900 BountyMedium

Full Account Takeover Leading to RCE Remote Code ExecutionWaqas Zaka

Pre account takeoverMedium

Oauth Misconfiguration Leads to 0-Click ATOMedium

How I Earned $1800 for finding a (Business Logic) Account Takeover Vulnerability?Medium

Account (of the CEO) Takeover via Password ResetMedium

Account Takeover via Email ConfirmationMedium

Account Takeover via Weak OTPMedium

[Account Take Over] through reset password token leaked in response, 2500 € RewardInfoSec Write-ups

5 Ways to do ATO in a Single WebsiteMedium

Account takeover in cups.mail.ruqwerty

U.S. Dept Of Defense disclosed on HackerOne: Password Reset link...HackerOne

Mail.ru disclosed on HackerOne: Account takeover through password...HackerOne

UPS VDP disclosed on HackerOne: Admin Authentication Bypass Lead to...HackerOne

PII Leakage via IDOR + Weak PasswordReset = Full Account TakeoverInfoSec Write-ups

0 Click Account takeoverMedium