René's URL Explorer Experiment


Title: GitHub - Squnity/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature · GitHub

Open Graph Title: GitHub - Squnity/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

X Title: GitHub - Squnity/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

Description: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature - Squnity/bug-bounty-reference

Open Graph Description: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature - Squnity/bug-bounty-reference

X Description: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature - Squnity/bug-bounty-reference

Opengraph URL: https://github.com/Squnity/bug-bounty-reference

X: @github

direct link

Domain: github.com

route-pattern/:user_id/:repository
route-controllerfiles
route-actiondisambiguate
fetch-noncev2:b7330268-0150-a95a-f1a5-7db87bd635cc
current-catalog-service-hashf3abb0cc802f3d7b95fc8762b94bdcb13bf39634c40c357301c4aa1d67a256fb
request-idBBE2:2BA6B2:44C6D90:610BF47:6A56F551
html-safe-noncea8b33d01171b2af1b510882ce858d15c74ea3cfc68d998d807b6c4acd8b3922b
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJCQkUyOjJCQTZCMjo0NEM2RDkwOjYxMEJGNDc6NkE1NkY1NTEiLCJ2aXNpdG9yX2lkIjoiNjI4MTg4MzE0Njc0NjUyNTAxMCIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9
visitor-hmacd8a980b4bbedf098e6daf966bceb558c4626c8c283aa190e4cf29e6a12252f87
hovercard-subject-tagrepository:113301419
github-keyboard-shortcutsrepository,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location//
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/Squnity/bug-bounty-reference
twitter:imagehttps://opengraph.githubassets.com/a33e249b1784e34ca28c304dca64fb251dae515b08ad435fd609961bd8a768d3/Squnity/bug-bounty-reference
twitter:cardsummary_large_image
og:imagehttps://opengraph.githubassets.com/a33e249b1784e34ca28c304dca64fb251dae515b08ad435fd609961bd8a768d3/Squnity/bug-bounty-reference
og:image:altInspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature - Squnity/bug-bounty-reference
og:image:width1200
og:image:height600
og:site_nameGitHub
og:typeobject
hostnamegithub.com
expected-hostnamegithub.com
None4eb29e5f807bd95e41196adfbc6d28f9af12d89830d8b684f3e871774ddff2fc
turbo-cache-controlno-cache
go-importgithub.com/Squnity/bug-bounty-reference git https://github.com/Squnity/bug-bounty-reference.git
octolytics-dimension-user_id27748183
octolytics-dimension-user_loginSqunity
octolytics-dimension-repository_id113301419
octolytics-dimension-repository_nwoSqunity/bug-bounty-reference
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forktrue
octolytics-dimension-repository_parent_id113301358
octolytics-dimension-repository_parent_nwoSecFathy/bug-bounty-reference
octolytics-dimension-repository_network_root_id67130928
octolytics-dimension-repository_network_root_nwongalongc/bug-bounty-reference
turbo-body-classeslogged-out env-production page-responsive
disable-turbofalse
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
releaseb056788a129fb0194b61f2ebb4c43f6a9f4dfd27
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/Squnity/bug-bounty-reference#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2FSqunity%2Fbug-bounty-reference
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub Copilot appDirect agents from issue to mergehttps://github.com/features/ai/github-app
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
View all resourceshttps://github.com/resources
GitHub SponsorsFund open source developershttps://github.com/open-source/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/open-source/accelerator
GitHub Starshttps://stars.github.com
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/enterprise/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2FSqunity%2Fbug-bounty-reference
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E&source=header-repo&source_repo=Squnity%2Fbug-bounty-reference
Reloadhttps://github.com/Squnity/bug-bounty-reference
Reloadhttps://github.com/Squnity/bug-bounty-reference
Reloadhttps://github.com/Squnity/bug-bounty-reference
Please reload this pagehttps://github.com/Squnity/bug-bounty-reference
Squnity https://github.com/Squnity
bug-bounty-referencehttps://github.com/Squnity/bug-bounty-reference
SecFathy/bug-bounty-referencehttps://github.com/SecFathy/bug-bounty-reference
Notifications https://github.com/login?return_to=%2FSqunity%2Fbug-bounty-reference
Fork 0 https://github.com/login?return_to=%2FSqunity%2Fbug-bounty-reference
Star 1 https://github.com/login?return_to=%2FSqunity%2Fbug-bounty-reference
Code https://github.com/Squnity/bug-bounty-reference
Pull requests 0 https://github.com/Squnity/bug-bounty-reference/pulls
Actions https://github.com/Squnity/bug-bounty-reference/actions
Projects https://github.com/Squnity/bug-bounty-reference/projects
Wiki https://github.com/Squnity/bug-bounty-reference/wiki
Security and quality 0 https://github.com/Squnity/bug-bounty-reference/security
Insights https://github.com/Squnity/bug-bounty-reference/pulse
Code https://github.com/Squnity/bug-bounty-reference
Pull requests https://github.com/Squnity/bug-bounty-reference/pulls
Actions https://github.com/Squnity/bug-bounty-reference/actions
Projects https://github.com/Squnity/bug-bounty-reference/projects
Wiki https://github.com/Squnity/bug-bounty-reference/wiki
Security and quality https://github.com/Squnity/bug-bounty-reference/security
Insights https://github.com/Squnity/bug-bounty-reference/pulse
https://github.com/Squnity/bug-bounty-reference
Brancheshttps://github.com/Squnity/bug-bounty-reference/branches
Tagshttps://github.com/Squnity/bug-bounty-reference/tags
https://github.com/Squnity/bug-bounty-reference/branches
https://github.com/Squnity/bug-bounty-reference/tags
158 Commitshttps://github.com/Squnity/bug-bounty-reference/commits/master/
https://github.com/Squnity/bug-bounty-reference/commits/master/
README.mdhttps://github.com/Squnity/bug-bounty-reference/blob/master/README.md
README.mdhttps://github.com/Squnity/bug-bounty-reference/blob/master/README.md
READMEhttps://github.com/Squnity/bug-bounty-reference
https://github.com/Squnity/bug-bounty-reference#bug-bounty-reference
https://github.com/djadmin/awesome-bug-bountyhttps://github.com/djadmin/awesome-bug-bounty
https://github.com/Squnity/bug-bounty-reference#introduction
herehttp://blog.innerht.ml/rpo-gadgets/
herehttps://whitton.io/articles/obtaining-tokens-outlook-office-azure-account/
XSSIhttps://github.com/Squnity/bug-bounty-reference#xssi
Cross-Site Scripting (XSS)https://github.com/Squnity/bug-bounty-reference#cross-site-scripting-xss
Brute Forcehttps://github.com/Squnity/bug-bounty-reference#brute-force
SQL Injection (SQLi)https://github.com/Squnity/bug-bounty-reference#sql-injection
External XML Entity Attack (XXE)https://github.com/Squnity/bug-bounty-reference#xxe
Remote Code Execution (RCE)https://github.com/Squnity/bug-bounty-reference#remote-code-execution
Deserializationhttps://github.com/Squnity/bug-bounty-reference#deserialization
Image Tragickhttps://github.com/Squnity/bug-bounty-reference#image-tragick
Cross-Site Request Forgery (CSRF)https://github.com/Squnity/bug-bounty-reference#csrf
Insecure Direct Object Reference (IDOR)https://github.com/Squnity/bug-bounty-reference#insecure-direct-object-reference-idor
Stealing Access Tokenhttps://github.com/Squnity/bug-bounty-reference#stealing-access-token
Google Oauth Login Bypasshttps://github.com/Squnity/bug-bounty-reference#google-oauth-bypass
Server Side Request Forgery (SSRF)https://github.com/Squnity/bug-bounty-reference#server-side-request-forgery-ssrf
Unrestricted File Uploadhttps://github.com/Squnity/bug-bounty-reference#unrestricted-file-upload
Race Conditionhttps://github.com/Squnity/bug-bounty-reference#race-condition
Business Logic Flawhttps://github.com/Squnity/bug-bounty-reference#business-logic-flaw
Authentication Bypasshttps://github.com/Squnity/bug-bounty-reference#authentication-bypass
HTTP Header Injectionhttps://github.com/Squnity/bug-bounty-reference#http-header-injection
Email Relatedhttps://github.com/Squnity/bug-bounty-reference#email-related
Money Stealinghttps://github.com/Squnity/bug-bounty-reference#money-stealing
Miscellaneoushttps://github.com/Squnity/bug-bounty-reference#miscellaneous
https://github.com/Squnity/bug-bounty-reference#cross-site-scripting-xss
Sleeping stored Google XSS Awakens a $5000 Bountyhttps://blog.it-securityguard.com/bugbounty-sleeping-stored-google-xss-awakens-a-5000-bounty/
RPO that lead to information leakage in Googlehttp://blog.innerht.ml/rpo-gadgets/
God-like XSS, Log-in, Log-out, Log-inhttps://whitton.io/articles/uber-turning-self-xss-into-good-xss/
Three Stored XSS in Facebookhttp://www.breaksec.com/?p=6129
Using a Braun Shaver to Bypass XSS Audit and WAFhttps://blog.bugcrowd.com/guest-blog-using-a-braun-shaver-to-bypass-xss-audit-and-waf-by-frans-rosen-detectify
An XSS on Facebook via PNGs & Wonky Content Typeshttps://whitton.io/articles/xss-on-facebook-via-png-content-types/
Stored XSS in *.ebay.comhttps://whitton.io/archive/persistent-xss-on-myworld-ebay-com/
Complicated, Best Report of Google XSShttps://sites.google.com/site/bughunteruniversity/best-reports/account-recovery-xss
Tricky Html Injection and Possible XSS in sms-be-vip.twitter.comhttps://hackerone.com/reports/150179
Command Injection in Google Consolehttp://www.pranav-venkat.com/2016/03/command-injection-which-got-me-6000.html
Facebook's Moves - OAuth XSShttp://www.paulosyibelo.com/2015/12/facebooks-moves-oauth-xss.html
Stored XSS in Google Docs (Bug Bounty)http://hmgmakarovich.blogspot.hk/2015/11/stored-xss-in-google-docs-bug-bounty.html
Stored XSS on developer.uber.com via admin account compromise in Uberhttps://hackerone.com/reports/152067
Yahoo Mail stored XSShttps://klikki.fi/adv/yahoo.html
Abusing XSS Filter: One ^ leads to XSS(CVE-2016-3212)http://mksben.l0.cm/2016/07/xxn-caret.html
Youtube XSShttps://labs.detectify.com/2015/06/06/google-xss-turkey/
Best Google XSS againhttps://sites.google.com/site/bughunteruniversity/best-reports/openredirectsthatmatter
IE & Edge URL parsin Problemhttps://labs.detectify.com/2016/10/24/combining-host-header-injection-and-lax-host-parsing-serving-malicious-data/
Google XSS subdomain Clickjackinghttp://sasi2103.blogspot.sg/2016/09/combination-of-techniques-lead-to-dom.html
Microsoft XSS and Twitter XSShttp://blog.wesecureapp.com/xss-by-tossing-cookies/
Google Japan Book XSShttp://nootropic.me/blog/en/blog/2016/09/20/%E3%82%84%E3%81%AF%E3%82%8A%E3%83%8D%E3%83%83%E3%83%88%E3%82%B5%E3%83%BC%E3%83%95%E3%82%A3%E3%83%B3%E3%82%92%E3%81%97%E3%81%A6%E3%81%84%E3%81%9F%E3%82%89%E3%81%9F%E3%81%BE%E3%81%9F%E3%81%BEgoogle/
Flash XSS mega nzhttps://labs.detectify.com/2013/02/14/how-i-got-the-bug-bounty-for-mega-co-nz-xss/
Flash XSS in multiple librarieshttps://olivierbeg.com/finding-xss-vulnerabilities-in-flash-files/
xss in google IE, Host Header Reflectionhttp://blog.bentkowski.info/2015/04/xss-via-host-header-cse.html
Years ago Google xsshttp://conference.hitb.org/hitbsecconf2012ams/materials/D1T2%20-%20Itzhak%20Zuk%20Avraham%20and%20Nir%20Goldshlager%20-%20Killing%20a%20Bug%20Bounty%20Program%20-%20Twice.pdf
xss in google by IE weird behaviorhttp://blog.bentkowski.info/2015/04/xss-via-host-header-cse.html
xss in Yahoo Fantasy Sporthttp://dawgyg.com/2016/12/07/stored-xss-affecting-all-fantasy-sports-fantasysports-yahoo-com-2/
xss in Yahoo Mail Again, worth $10000https://klikki.fi/adv/yahoo2.html
Sleeping XSS in Googlehttps://blog.it-securityguard.com/bugbounty-sleeping-stored-google-xss-awakens-a-5000-bounty/
Decoding a .htpasswd to earn a payload of moneyhttps://blog.it-securityguard.com/bugbounty-decoding-a-%F0%9F%98%B1-00000-htpasswd-bounty/
Google Account Takeoverhttp://www.orenh.com/2013/11/google-account-recovery-vulnerability.html#comment-form
AirBnb Bug Bounty: Turning Self-XSS into Good-XSS #2http://www.geekboy.ninja/blog/airbnb-bug-bounty-turning-self-xss-into-good-xss-2/
Uber Self XSS to Global XSShttps://httpsonly.blogspot.hk/2016/08/turning-self-xss-into-good-xss-v2.html
How I found a $5,000 Google Maps XSS (by fiddling with Protobuf)https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff#.cktt61q9g
Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilitieshttps://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/
XSSI, Client Side Brute Forcehttp://blog.intothesymmetry.com/2017/05/cross-origin-brute-forcing-of-saml-and.html
postMessage XSS Bypasshttps://hackerone.com/reports/231053
XSS in Uber via Cookiehttp://zhchbin.github.io/2017/08/30/Uber-XSS-via-Cookie/
Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONPhttps://hackerone.com/reports/207042
XSS due to improper regex in third party js Uber 7k XSShttp://zhchbin.github.io/2016/09/10/A-Valuable-XSS/
XSS in TinyMCE 2.4.0https://hackerone.com/reports/262230
Pass uncoded URL in IE11 to cause XSShttps://hackerone.com/reports/150179
Twitter XSS by stopping redirection and javascript schemehttp://blog.blackfan.ru/2017/09/devtwittercom-xss.html
Auth DOM Uber XSShttp://stamone-bug-bounty.blogspot.hk/2017/10/dom-xss-auth_14.html
https://github.com/Squnity/bug-bounty-reference#brute-force
Web Authentication Endpoint Credentials Brute-Force Vulnerabilityhttps://hackerone.com/reports/127844
InstaBrute: Two Ways to Brute-force Instagram Account Credentialshttps://www.arneswinnen.net/2016/05/instabrute-two-ways-to-brute-force-instagram-account-credentials/
How I Could Compromise 4% (Locked) Instagram Accountshttps://www.arneswinnen.net/2016/03/how-i-could-compromise-4-locked-instagram-accounts/
Possibility to brute force invite codes in riders.uber.comhttps://hackerone.com/reports/125505
Brute-Forcing invite codes in partners.uber.comhttps://hackerone.com/reports/144616
How I could have hacked all Facebook accountshttp://www.anandpraka.sh/2016/03/how-i-could-have-hacked-your-facebook.html
Facebook Account Take Over by using SMS verification code, not accessible by now, may get update from author laterhttp://arunsureshkumar.me/index.php/2016/04/24/facebook-account-take-over/
https://github.com/Squnity/bug-bounty-reference#sql-injection
SQL injection in Wordpress Plugin Huge IT Video Gallery in Uberhttps://hackerone.com/reports/125932
SQL Injection on sctrack.email.uber.com.cnhttps://hackerone.com/reports/150156
Yahoo – Root Access SQL Injection – tw.yahoo.comhttp://buer.haus/2015/01/15/yahoo-root-access-sql-injection-tw-yahoo-com/
Multiple vulnerabilities in a WordPress plugin at drive.uber.comhttps://hackerone.com/reports/135288
GitHub Enterprise SQL Injectionhttp://blog.orange.tw/2017/01/bug-bounty-github-enterprise-sql-injection.html
https://github.com/Squnity/bug-bounty-reference#stealing-access-token
Facebook Access Token Stolenhttps://whitton.io/articles/stealing-facebook-access-tokens-with-a-double-submit/
Obtaining Login Tokens for an Outlook, Office or Azure Accounthttps://whitton.io/articles/obtaining-tokens-outlook-office-azure-account/
Bypassing Digits web authentication's host validation with HPPhttps://hackerone.com/reports/114169
Bypass of redirect_uri validation with /../ in GitHubhttp://homakov.blogspot.hk/2014/02/how-i-hacked-github-again.html?m=1
Bypassing callback_url validation on Digitshttps://hackerone.com/reports/108113
Stealing livechat token and using it to chat as the user - user information disclosurehttps://hackerone.com/reports/151058
Change any Uber user's password through /rt/users/passwordless-signup - Account Takeover (critical)https://hackerone.com/reports/143717
Internet Explorer has a URL problem, on GitHubhttp://blog.innerht.ml/internet-explorer-has-a-url-problem/
How I made LastPass give me all your passwordshttps://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/
Steal Google Oauth in Microsofthttp://blog.intothesymmetry.com/2015/06/on-oauth-token-hijacks-for-fun-and.html
Steal FB Access Tokenhttp://blog.intothesymmetry.com/2014/04/oauth-2-how-i-have-hacked-facebook.html
Paypal Access Token Leakedhttp://blog.intothesymmetry.com/2016/11/all-your-paypal-tokens-belong-to-me.html?m=1
Steal FB Access Tokenhttp://homakov.blogspot.sg/2013/02/hacking-facebook-with-oauth2-and-chrome.html
Appengine Cool Bughttps://proximasec.blogspot.hk/2017/02/a-tale-about-appengines-authentication.html
Slack post message real life experiencehttps://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/
Bypass redirect_urihttp://nbsriharsha.blogspot.in/2016/04/oauth-20-redirection-bypass-cheat-sheet.html
Stealing Facebook Messenger nonce worth 15khttps://stephensclafani.com/2017/03/21/stealing-messenger-com-login-nonces/
https://github.com/Squnity/bug-bounty-reference#google-oauth-bypass
Bypassing Google Authentication on Periscope's Administration Panelhttps://whitton.io/articles/bypassing-google-authentication-on-periscopes-admin-panel/
https://github.com/Squnity/bug-bounty-reference#csrf
Messenger.com CSRF that show you the steps when you check for CSRFhttps://whitton.io/articles/messenger-site-wide-csrf/
Paypal bug bounty: Updating the Paypal.me profile picture without consent (CSRF attack)https://hethical.io/paypal-bug-bounty-updating-the-paypal-me-profile-picture-without-consent-csrf-attack/
Hacking PayPal Accounts with one click (Patched)http://yasserali.com/hacking-paypal-accounts-with-one-click/
Add tweet to collection CSRFhttps://hackerone.com/reports/100820
Facebookmarketingdevelopers.com: Proxies, CSRF Quandry and API Funhttp://philippeharewood.com/facebookmarketingdevelopers-com-proxies-csrf-quandry-and-api-fun/
How i Hacked your Beats account ? Apple Bug Bountyhttps://aadityapurani.com/2016/07/20/how-i-hacked-your-beats-account-apple-bug-bounty/
https://github.com/Squnity/bug-bounty-reference#remote-code-execution
JDWP Remote Code Execution in PayPalhttps://www.vulnerability-lab.com/get_content.php?id=1474
XXE in OpenID: one bug to rule them all, or how I found a Remote Code Execution flaw affecting Facebook's servershttp://www.ubercomp.com/posts/2014-01-16_facebook_remote_code_execution
How I Hacked Facebook, and Found Someone's Backdoor Scripthttp://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/
How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
uber.com may RCE by Flask Jinja2 Template Injectionhttps://hackerone.com/reports/125980
Yahoo Bug Bounty - *.login.yahoo.com Remote Code Executionhttp://blog.orange.tw/2013/11/yahoo-bug-bounty-part-2-loginyahoocom.html
How we broke PHP, hacked Pornhub and earned $20,000https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/
RCE deal to tricky file uploadhttps://www.secgeek.net/bookfresh-vulnerability/
WordPress SOME bug in plupload.flash.swf leading to RCE in Automatichttps://hackerone.com/reports/134738
Read-Only user can execute arbitraty shell commands on AirOShttps://hackerone.com/reports/128750
Remote Code Execution by impage upload!https://hackerone.com/reports/158148
Popping a shell on the Oculus developer portalhttps://bitquark.co.uk/blog/2014/08/31/popping_a_shell_on_the_oculus_developer_portal
Crazy! PornHub RCE AGAIN!!! How I hacked Pornhub for fun and profit - 10,000$https://5haked.blogspot.sg/
PayPal Node.js code injection (RCE)http://artsploit.blogspot.hk/2016/08/pprce2.html
eBay PHP Parameter Injection lead to RCEhttp://secalert.net/#ebay-rce-ccs
Yahoo Acqusition RCEhttps://seanmelia.files.wordpress.com/2016/02/yahoo-remote-code-execution-cms1.pdf
Command Injection Vulnerability in Hostingerhttp://elladodelnovato.blogspot.hk/2017/02/command-injection-vulnerability-in.html?spref=tw&m=1
RCE in Airbnb by Ruby Injectionhttp://buer.haus/2017/03/13/airbnb-ruby-on-rails-string-interpolation-led-to-remote-code-execution/
RCE in Imgur by Command Linehttps://hackerone.com/reports/212696
RCE in git.imgur.com by abusing out dated softwarehttps://hackerone.com/reports/206227
RCE in Disclosurehttps://hackerone.com/reports/213558
Remote Code Execution by struct2 Yahoo Serverhttps://medium.com/@th3g3nt3l/how-i-got-5500-from-yahoo-for-rce-92fffb7145e6
Command Injection in Yahoo Acquisitionhttp://samcurry.net/how-i-couldve-taken-over-the-production-server-of-a-yahoo-acquisition-through-command-injection/
Paypal RCEhttp://blog.pentestbegins.com/2017/07/21/hacking-into-paypal-server-remote-code-execution-2017/
$50k RCE in JetBrains IDEhttp://blog.saynotolinux.com/blog/2016/08/15/jetbrains-ide-remote-code-execution-and-local-file-disclosure-vulnerability-analysis/
$20k RCE in Jenkin Instancehttp://nahamsec.com/secure-your-jenkins-instance-or-hackers-will-force-you-to/
https://github.com/Squnity/bug-bounty-reference#deserialization
Java Deserialization in manager.paypal.comhttp://artsploit.blogspot.hk/2016/01/paypal-rce.html
Instagram's Million Dollar Bughttp://www.exfiltrated.com/research-Instagram-RCE.php
(Ruby Cookie Deserialization RCE on facebooksearch.algolia.comhttps://hackerone.com/reports/134321
Java deserializationhttps://seanmelia.wordpress.com/2016/07/22/exploiting-java-deserialization-via-jboss/
https://github.com/Squnity/bug-bounty-reference#image-tragick
Exploiting ImageMagick to get RCE on Polyvore (Yahoo Acquisition)http://nahamsec.com/exploiting-imagemagick-on-yahoo/
Exploting ImageMagick to get RCE on HackerOnehttps://hackerone.com/reports/135072
Trello bug bounty: Access server's files using ImageTragickhttps://hethical.io/trello-bug-bounty-access-servers-files-using-imagetragick/
40k fb rcehttps://github.com/Squnity/bug-bounty-reference/blob/master/4lemon.ru/2017-01-17_facebook_imagetragick_remote_code_execution.html
Yahoo Bleed 1https://scarybeastsecurity.blogspot.hk/2017/05/bleed-continues-18-byte-file-14k-bounty.html
Yahoo Bleed 2https://scarybeastsecurity.blogspot.hk/2017/05/bleed-more-powerful-dumping-yahoo.html
https://github.com/Squnity/bug-bounty-reference#insecure-direct-object-reference-idor
Trello bug bounty: The websocket receives data when a public company creates a team visible boardhttps://hethical.io/trello-bug-bounty-the-websocket-receives-data-when-a-public-company-creates-a-team-visible-board/
Trello bug bounty: Payments informations are sent to the webhook when a team changes its visibilityhttps://hethical.io/trello-bug-bounty-payments-informations-are-sent-to-the-webhook-when-a-team-changes-its-visibility/
Change any user's password in Uberhttps://hackerone.com/reports/143717
Vulnerability in Youtube allowed moving comments from any video to anotherhttps://www.secgeek.net/youtube-vulnerability/
Twitter Vulnerability Could Credit Cards from Any Twitter Accounthttps://www.secgeek.net/twitter-vulnerability/
One Vulnerability allowed deleting comments of any user in all Yahoo siteshttps://www.secgeek.net/yahoo-comments-vulnerability/
Microsoft-careers.com Remote Password Resethttp://yasserali.com/microsoft-careers-com-remote-password-reset/
How I could change your eBay passwordhttp://yasserali.com/how-i-could-change-your-ebay-password/
Duo Security Researchers Uncover Bypass of PayPal’s Two-Factor Authenticationhttps://duo.com/blog/duo-security-researchers-uncover-bypass-of-paypal-s-two-factor-authentication
Hacking Facebook.com/thanks Posting on behalf of your friends! http://www.anandpraka.sh/2014/11/hacking-facebookcomthanks-posting-on.html
How I got access to millions of [redacted] accountshttps://bitquark.co.uk/blog/2016/02/09/how_i_got_access_to_millions_of_redacted_accounts
All Vimeo Private videos disclosure via Authorization Bypass with Excellent Technical Descriptionhttps://hackerone.com/reports/137502
Urgent: attacker can access every data source on Bimehttps://hackerone.com/reports/149907
Downloading password protected / restricted videos on Vimeohttps://hackerone.com/reports/145467
Get organization info base on uuid in Uberhttps://hackerone.com/reports/151465
How I Exposed your Primary Facebook Email Address (Bug worth $4500)http://roy-castillo.blogspot.hk/2013/07/how-i-exposed-your-primary-facebook.html
DOB disclosed using “Facebook Graph API Reverse Engineering”https://medium.com/@rajsek/my-3rd-facebook-bounty-hat-trick-chennai-tcs-er-name-listed-in-facebook-hall-of-fame-47f57f2a4f71#.9gbtbv42q
Change the description of a video without publish_actions permission in Facebookhttp://philippeharewood.com/change-the-description-of-a-video-without-publish_actions-permission/
Response To Request Injection (RTRI)https://www.bugbountyhq.com/front/latestnews/dWRWR0thQ2ZWOFN5cTE1cXQrSFZmUT09/
Leak of all project names and all user names , even across applications on Harvesthttps://hackerone.com/reports/152696
Changing paymentProfileUuid when booking a trip allows free rides at Uberhttps://hackerone.com/reports/162809
View private tweethttps://hackerone.com/reports/174721
Uber Enum UUIDhttp://www.rohk.xyz/uber-uuid/
Hacking Facebook’s Legacy API, Part 1: Making Calls on Behalf of Any Userhttp://stephensclafani.com/2014/07/08/hacking-facebooks-legacy-api-part-1-making-calls-on-behalf-of-any-user/
Hacking Facebook’s Legacy API, Part 2: Stealing User Sessionshttp://stephensclafani.com/2014/07/29/hacking-facebooks-legacy-api-part-2-stealing-user-sessions/
Delete FB Videohttps://danmelamed.blogspot.hk/2017/01/facebook-vulnerability-delete-any-video.html
Delete FB Videohttps://pranavhivarekar.in/2016/06/23/facebooks-bug-delete-any-video-from-facebook/
Facebook Page Takeover by Manipulating the Parameterhttp://arunsureshkumar.me/index.php/2016/09/16/facebook-page-takeover-zero-day-vulnerability/
Viewing private Airbnb Messageshttp://buer.haus/2017/03/31/airbnb-web-to-app-phone-notification-idor-to-view-everyones-airbnb-messages/
IDOR tweet as any userhttp://kedrisec.com/twitter-publish-by-any-user/
Classic IDOR endpoints in Twitterhttp://www.anandpraka.sh/2017/05/how-i-took-control-of-your-twitter.html
Mass Assignment, Response to Request Injection, Admin Escalationhttps://seanmelia.wordpress.com/2017/06/01/privilege-escalation-in-a-django-application/
https://github.com/Squnity/bug-bounty-reference#xxe
How we got read access on Google’s production servershttps://blog.detectify.com/2014/04/11/how-we-got-read-access-on-googles-production-servers/
Blind OOB XXE At UBER 26+ Domains Hackedhttp://nerdint.blogspot.hk/2016/08/blind-oob-xxe-at-uber-26-domains-hacked.html
XXE through SAMLhttps://seanmelia.files.wordpress.com/2016/01/out-of-band-xml-external-entity-injection-via-saml-redacted.pdf
XXE in Uber to read local fileshttps://httpsonly.blogspot.hk/2017/01/0day-writeup-xxe-in-ubercom.html
XXE by SVG in community.lithium.comhttp://esoln.net/Research/2017/03/30/xxe-in-lithium-community-platform/
https://github.com/Squnity/bug-bounty-reference#unrestricted-file-upload
File Upload XSS in image uploading of App in mopubhttps://hackerone.com/reports/97672
RCE deal to tricky file uploadhttps://www.secgeek.net/bookfresh-vulnerability/
File Upload XSS in image uploading of App in mopub in Twitterhttps://hackerone.com/reports/97672
https://github.com/Squnity/bug-bounty-reference#server-side-request-forgery-ssrf
ESEA Server-Side Request Forgery and Querying AWS Meta Datahttp://buer.haus/2016/04/18/esea-server-side-request-forgery-and-querying-aws-meta-data/
SSRF to pivot internal networkhttps://seanmelia.files.wordpress.com/2016/07/ssrf-to-pivot-internal-networks.pdf
SSRF to LFIhttps://seanmelia.wordpress.com/2015/12/23/various-server-side-request-forgery-issues/
SSRF to query google internal serverhttps://www.rcesecurity.com/2017/03/ok-google-give-me-all-your-internal-dns-information/
SSRF by using third party Open redirecthttps://buer.haus/2017/03/09/airbnb-chaining-third-party-open-redirect-into-server-side-request-forgery-ssrf-via-liveperson-chat/
SSRF tips from BugBountyHQ of Imageshttps://twitter.com/BugBountyHQ/status/868242771617792000
SSRF to RCEhttp://www.kernelpicnic.net/2017/05/29/Pivoting-from-blind-SSRF-to-RCE-with-Hashicorp-Consul.html
XXE at Twitterhttps://hackerone.com/reports/248668
Blog post: Cracking the Lens: Targeting HTTP’s Hidden Attack-Surface http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html
https://github.com/Squnity/bug-bounty-reference#race-condition
Race conditions on Facebook, DigitalOcean and others (fixed)http://josipfranjkovic.blogspot.hk/2015/04/race-conditions-on-facebook.html
Race Conditions in Popular reports feature in HackerOnehttps://hackerone.com/reports/146845
https://github.com/Squnity/bug-bounty-reference#business-logic-flaw
Facebook simple technical hack to see the timelinehttp://ashishpadelkar.com/index.php/2015/09/23/facebook-simple-technical-bug-worth-7500/
How I Could Steal Money from Instagram, Google and Microsofthttps://www.arneswinnen.net/2016/07/how-i-could-steal-money-from-instagram-google-and-microsoft/
How I could have removed all your Facebook noteshttp://www.anandpraka.sh/2015/12/summary-this-blog-post-is-about.html
Facebook - bypass ads account's roles vulnerability 2015http://blog.darabi.me/2015/03/facebook-bypass-ads-account-roles.html
Uber Ride for Freehttp://www.anandpraka.sh/2017/03/how-anyone-could-have-used-uber-to-ride.html
Uber Eat for Freehttps://t.co/MCOM7j2dWX
https://github.com/Squnity/bug-bounty-reference#authentication-bypass
OneLogin authentication bypass on WordPress sites via XMLRPC in Uberhttps://hackerone.com/reports/138869
2FA PayPal Bypasshttps://henryhoggard.co.uk/blog/Paypal-2FA-Bypass
SAML Bug in Github worth 15000http://www.economyofmechanism.com/github-saml.html
Authentication bypass on Airbnb via OAuth tokens thefthttps://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/
Uber Login CSRF + Open Redirect -> Account Takeover at Uberhttp://ngailong.com/uber-login-csrf-open-redirect-account-takeover/
http://c0rni3sm.blogspot.hk/2017/08/accidentally-typo-to-bypass.html?m=1](Administrativehttp://c0rni3sm.blogspot.hk/2017/08/accidentally-typo-to-bypass.html?m=1](Administrative
Uber Bug Bounty: Gaining Access To An Internal Chat Systemhttp://blog.mish.re/index.php/2017/09/06/uber-bug-bounty-gaining-access-to-an-internal-chat-system/
Flickr Oauth Misconfigurationhttps://mishresec.wordpress.com/2017/10/12/yahoo-bug-bounty-exploiting-oauth-misconfiguration-to-takeover-flickr-accounts/
Slack SAML authentication bypasshttp://blog.intothesymmetry.com/2017/10/slack-saml-authentication-bypass.html
https://github.com/Squnity/bug-bounty-reference#http-header-injection
Twitter Overflow Trilogy in Twitterhttps://blog.innerht.ml/overflow-trilogy/
Twitter CRLFhttps://blog.innerht.ml/twitter-crlf-injection/
Adblock Plus and (a little) more in Googlehttps://adblockplus.org/blog/finding-security-issues-in-a-website-or-how-to-get-paid-by-google
$10k host headerhttps://sites.google.com/site/testsitehacking/10k-host-header
https://github.com/Squnity/bug-bounty-reference#subdomain-takeover
Hijacking tons of Instapage expired users Domains & Subdomainshttp://www.geekboy.ninja/blog/hijacking-tons-of-instapage-expired-users-domains-subdomains/
Reading Emails in Uber Subdomainshttps://hackerone.com/reports/156536
Slack Bug Journeyhttp://secalert.net/slack-security-bug-bounty.html
Subdomain takeover and chain it to perform authentication bypasshttps://www.arneswinnen.net/2017/06/authentication-bypass-on-ubers-sso-via-subdomain-takeover/
https://github.com/Squnity/bug-bounty-reference#author-write-up
Payment Flaw in Yahoohttp://ngailong.com/abusing-multistage-logic-flaw-to-buy-anything-for-free-at-hk-deals-yahoo-com/
Bypassing Google Email Domain Check to Deliver Spam Email on Google’s Behalfhttp://ngailong.com/bypassing-google-email-domain-check-to-deliver-spam-email-on-googles-behalf/
When Server Side Request Forgery combine with Cross Site Scriptinghttp://ngailong.com/what-could-happen-when-server-side-request-forgery-combine-with-cross-site-scripting/
https://github.com/Squnity/bug-bounty-reference#xssi
Plain Text Reading by XSSIhttp://balpha.de/2013/02/plain-text-considered-harmful-a-cross-domain-exploit/
JSON hijackinghttp://blog.portswigger.net/2016/11/json-hijacking-for-modern-web.html
OWASP XSSIhttps://www.owasp.org/images/f/f3/Your_Script_in_My_Page_What_Could_Possibly_Go_Wrong_-_Sebastian_Lekies%2BBen_Stock.pdf
Japan Identifier based XSSI attackshttp://www.mbsd.jp/Whitepaper/xssi.pdf
JSON Hijack Slidehttps://www.owasp.org/images/6/6a/OWASPLondon20161124_JSON_Hijacking_Gareth_Heyes.pdf
https://github.com/Squnity/bug-bounty-reference#email-related
This domain is my domain - G Suite A record vulnerabilityhttp://blog.pentestnepal.tech/post/156959105292/this-domain-is-my-domain-g-suite-a-record
I got emails - G Suite Vulnerabilityhttp://blog.pentestnepal.tech/post/156707088037/i-got-emails-g-suite-vulnerability
How I snooped into your private Slack messages [Slack Bug bounty worth $2,500]http://blog.pentestnepal.tech/post/150381068912/how-i-snooped-into-your-private-slack-messages
Reading Uber’s Internal Emails [Uber Bug Bounty report worth $10,000]http://blog.pentestnepal.tech/post/149985438982/reading-ubers-internal-emails-uber-bug-bounty
Slack Yammer Takeover by using TicketTrickhttps://medium.com/@intideceukelaire/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c
How I could have mass uploaded from every Flickr account!https://ret2got.wordpress.com/2017/10/05/how-i-could-have-mass-uploaded-from-every-flickr-account/
https://github.com/Squnity/bug-bounty-reference#money-stealing
Round error issue -> produce money for free in Bitcoin Sitehttps://hackerone.com/reports/176461
https://github.com/Squnity/bug-bounty-reference#2017-local-file-inclusion
Disclosure Local File Inclusion by Symlinkhttps://hackerone.com/reports/213558
Facebook Symlink Local File Inclusionhttp://josipfranjkovic.blogspot.hk/2014/12/reading-local-files-from-facebooks.html
Gitlab Symlink Local File Inclusionhttps://hackerone.com/reports/158330
Gitlab Symlink Local File Inclusion Part IIhttps://hackerone.com/reports/178152
Multiple Company LFIhttp://panchocosil.blogspot.sg/2017/05/one-cloud-based-local-file-inclusion.html
LFI by video conversion, excited about this trick!https://hackerone.com/reports/226756
https://github.com/Squnity/bug-bounty-reference#miscellaneous
SAML Pen Test Good Paperhttp://research.aurainfosec.io/bypassing-saml20-SSO/
A list of FB writeup collected by phwdhttps://www.facebook.com/notes/phwd/facebook-bug-bounties/707217202701640
NoSQL Injectionhttp://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb.html
CORS in actionhttp://www.geekboy.ninja/blog/exploiting-misconfigured-cors-cross-origin-resource-sharing/
CORS in Fb messengerhttp://www.cynet.com/blog-facebook-originull/
Web App Methodologieshttps://blog.zsec.uk/ltr101-method-to-madness/
XXE Cheatsheethttps://www.silentrobots.com/blog/2015/12/14/xe-cheatsheet-update/
The road to hell is paved with SAML Assertions, Microsoft Vulnerabilityhttp://www.economyofmechanism.com/office365-authbypass.html#office365-authbypass
Study this if you like to learn Mongo SQL Injectionhttps://cirw.in/blog/hash-injection
Mongo DB Injection againhttp://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb.html
w3af speech about modern vulnerabilityhttps://www.youtube.com/watch?v=GNU0_Uzyvl0
Web cache attack that lead to account takeoverhttp://omergil.blogspot.co.il/2017/02/web-cache-deception-attack.html
A talk to teach you how to use SAML Raiderhttps://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/somorovsky
XSS Checklist when you have no idea how to exploit the bughttp://d3adend.org/xss/ghettoBypass
CTF write up, Great for Bug Bountyhttps://ctftime.org/writeups?tags=web200&hidden-tags=web%2cweb100%2cweb200
It turns out every site uses jquery mobile with Open Redirect is vulnerable to XSShttp://sirdarckcat.blogspot.com/2017/02/unpatched-0day-jquery-mobile-xss.html
Bypass CSP by using google-analyticshttps://hackerone.com/reports/199779
Payment Issue with Paypalhttps://hackerone.com/reports/219215
Browser Exploitation in Chinesehttp://paper.seebug.org/
XSS bypass filterhttps://t.co/0Kpzo52ycb
Markup Impropose Sanitizationhttps://github.com/ChALkeR/notes/blob/master/Improper-markup-sanitization.md
Breaking XSS mitigations via Script Gadgethttps://www.blackhat.com/docs/us-17/thursday/us-17-Lekies-Dont-Trust-The-DOM-Bypassing-XSS-Mitigations-Via-Script-Gadgets.pdf
X41 Browser Security White Paperhttps://browser-security.x41-dsec.de/X41-Browser-Security-White-Paper.pdf
Bug Bounty Cheatsheetshttps://github.com/EdOverflow/bugbounty-cheatsheet
Messing with the Google Buganizer System for $15,600 in Bountieshttps://medium.freecodecamp.org/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5
https://github.com/djadmin/awesome-bug-bountyhttps://github.com/djadmin/awesome-bug-bounty
Readme https://github.com/Squnity/bug-bounty-reference#readme-ov-file
Please reload this pagehttps://github.com/Squnity/bug-bounty-reference
Activityhttps://github.com/Squnity/bug-bounty-reference/activity
Custom propertieshttps://github.com/Squnity/bug-bounty-reference/custom-properties
0 forkshttps://github.com/Squnity/bug-bounty-reference/forks
Report repository https://github.com/contact/report-content?content_url=https%3A%2F%2Fgithub.com%2FSqunity%2Fbug-bounty-reference&report=Squnity+%28user%29
Releaseshttps://github.com/Squnity/bug-bounty-reference/releases
Packages 0https://github.com/orgs/Squnity/packages?repo_name=bug-bounty-reference
Please reload this pagehttps://github.com/Squnity/bug-bounty-reference
Contributorshttps://github.com/Squnity/bug-bounty-reference/graphs/contributors
Please reload this pagehttps://github.com/Squnity/bug-bounty-reference
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width


URLs of crawlers that visited me.