BUG BOUNTY WRITEUPS - OWASP TOP 10
作者:Sec-Labs | 发布时间:
项目介绍
不要再做乞讨悬赏(BEG-BOUNTIES)了--不要再抄袭别人的POC了! 做一些不同的事情!
项目地址
https://github.com/alexbieber/Bug_Bounty_writeups
Cross Site Scripting (XSS)
- From P5 to P2 to 100 BXSS
- Google Acquisition XSS (Apigee)
- DOM-Based XSS at accounts.google.com by Google Voice Extension
- XSS on Microsoft.com via Angular Js template injection
- Researching Polymorphic Images for XSS on Google Scholar
- Netflix Party Simple XSS
- Stored XSS in google nest
- Self XSS to persistent XSS on login portal
- Universal XSS affecting Firefox
- XSS WAF Character limitation bypass like a boss
- Self XSS to Account Takeover
- Reflected XSS on Microsoft subdomains
- The tricky XSS
- Reflected XSS in AT&T
- XSS on Google using Acunetix
- Exploiting websocket application wide XSS
- Reflected XSS with HTTP Smuggling
- XSS on Facebook instagram CDN server bypassing signature protection
- XSS on Facebook's Acquisition Oculus
- XSS on sony Subdomain
- Exploiting Self XSS
- Effortlessly Finding Cross Site Scripting inclusion XSSI
- Bugbounty a DOM XSS
- Blind XSS : a mind Game
- FireFox IOS QR code reader XSS(CVE-2019-17003)
- HTML injection to XSS
- CVE-2020-13487 | Authenticated Stored Cross-site Scripting in bbPress
- XSS at error page of repository code
- XSS like a Pro
- How I turned self XSS to stored XSS via CSRF
- XSS Stored on Outlook web
- XSS Bug 20 Chars Blind XSS Payload
- XSS in AMP4EMAIL(DOM clobbering)
- DOM Based XSS bug bounty writeup
- XSS will never die
- 5000 USD XSS issue at avast desktop antivirus
- XSS to account takeover
- How Paypal helped me to generate XSS
- Bypass Uppercase filters like a PRO(XSS advanced methods)
- Stealing login credentials with reflected XSS
- bughunting xss on cookie popup warning
- XSS is love
- Oneplus XSS vulnerability in customer support portal
- Exploiting cookie based XSS by finding RCE
- Stored XSS on zendesk via macros
- XSS in ZOHO main
- DOM based XSS in private program
- Bugbounty writeup : Take Attention and get stored XSSS
- How I xssed admin account
- Clickjacking XSS on google
- Stored XSS on laporbugid
- Leveraging angularjs based XSS to privilege escalation
- How I found XSS by searching in shodan
- Chaining caache poisining to stored XSS
- XSS to RCE
- XSS on twitter worth 1120
- Reflected XSS in ebay.com
- Cookie based XSS exolpoitation 2300 bug bounty
- What do netcat -SMTP-self XSS have in common
- XSS on google custom search engine
- Story of a Full Account Takeover vulnerability N/A to Accepted
- Yeah I got p2 in 1 minute stored XSS via markdown editor
- Stored XSS on indeed
- Self XSS to evil XSS
- How a classical XSS can lead to persistent ATO vulnerability
- Reflected XSS in tokopedia train ticket
- Bypassing XSS filter and stealing user credit card data
- Googleplex.com blind XSS
- Reflected XSS on error page
- How I was able to get private ticket response panel and fortigate web panel via blind XSS
- Unicode vs WAF
- Story of URI based XSS with some simple google dorking
- Stored XSS on edmodo
- XSSed my way to 1000
- Try harder for XSS
- From parameter pollution to XSS
- MIME sniffing XSS
- Stored XSS on techprofile Microsoft
- Tale of a wormable Twitter XSS
- XSS attacks google bot index manipulation
- From Reflected XSS to Account takeover
- Stealing local storage data through XSS
- CSRF attack can lead to stored XSS
- XSS Reflected (filter bypass)
- XSS protection bypass on hackerone private program
- Just 5 minutes to get my 2nd Stored XSS on edmodo.com
- Multiple XSS in skype.com
- Obtaining XSS using moodle featured and minor bugs
- XSS on 403 forbidden bypass akamai WAF
- How I was turn self XSS into reflected XSS
- A Tale of 3 XSS
- Stored XSS on Google.com
- Stored XSS in the Guides gameplaersion (www.dota2.com)
- Admin google.com reflected XSS
- Paypal Stored security bypass
- Paypal DOM XSS main domain
- Bugbounty : The 5k$ Google XSS
- Facebook stored XSS
- Ebay mobile reflected XSS
- Magix bugbounty XSS writeup
- Abusing CORS for an XSS on flickr
- XSS on google groups
- Oracle XSS
- Content types and XSS Facebook Studio
- Admob Creative image XSS
- Amazon Packaging feedback XSS
- PaypalTech XSS
- Persistent XSS on my world
- Google VRP XSS in device management
- Google VRP XSS
- Google VRP Blind XSS
- WAZE XSS
- Referer Based XSS
- How we invented the Tesla DOM XSS
- Stored XSS on rockstar game
- How I was able to bypass strong XSS protection in well known website imgur.com
- Self XSS to Good XSS
- That escalated quickly : from partial CSRF to reflected XSS to complete CSRF to Stored XSS
- XSS using dynamically generated js file
- Bypassing XSS filtering at anchor Tags
- XSS by tossing cookies
- Coinbase angularjs dom XSS via kiteworks
- Medium Content spoofing and XSS
- Managed Apps and music a tale of two XSSes in Google play
- Making an XSS triggered by CSP bypass on twitter
- Escalating XSS in phantomjs image rendering to SSRF
- Reflected XSS in Simplerisk
- Stored XSS in the heart of the russian email provider
- How I built an XSS worm on atmail
- XSS on bugcrowd and so many other websites main domain
- Godaddy XSS affects parked domains redirector Processor
- Stored XSS in Google image search
- A pair of plotly bugs stored XSS abd AWS metadata
- Near universal XSS in mcafee web gateway
- Penetrating Pornhub XSS vulns
- How I found a 5000 Google maps XSS by fiddling with protobuf
- Airbnb when bypassing json encoding XSS filter WAF CSP and auditior turns into eight vulnerabilities
- Lightwight markup a trio of persistent XSS in gitlab
- XSS ONE BAY
- SVG XSS in unifi
- Stored XSS in unifi V4.8.12 controller
- Turning self XSS into good XSS v2
- SWF XSS DOM Based XSS
- XSS filter bypass in Yahoo Dev flurry
- XSS on Flickr
- Two vulnerabilities makes an exploit XSS and csrf in bing
- Runkeeper stored XSS
- Google sleeping XSS awakens 5k bounty
- Poisoning the well compromising godaddy customer support with blind XSS
- UBER turning self XSS to good XSS
- XSS on facebook via png content types
- Cloudflare XSS
- How I found XSS Vulnerability in Google
- XSS to RCE
- One payload to XSS them all
- Self XSS on komunitas
- Reclected XSS on alibabacloud
- Self XSS on komunitas bukalapak
- A real XSS in OLX
- Self XSS using IE adobes
- Stealing local storage through XSS
- 1000 USD in 5mins Stored XSS in Outlook
- OLX reflected XSS
- My first stored XSS on edmodo.com
- Hack your form new vector for BXSS
- How I found Blind XSS vulnerability in redacted.com
- 3 XSS in protonmail for iOS
- XSS in edmodo wihinin 5 mins
- Stil work redirect Yahoo subdomain XSS
- XSS in azure devOps
- Shopify reflected XSS
- Muliple Stored XSS on tokopedia
- Stored XSS on edmodo
- A unique XSS scenario 1000 Bounty
- Protonmail XSS Stored
- Chaining tricky ouath exploitation to stored XSS
- Antihack XSS to php uplaod
- Reflected XSS in zomato
- XSS through SWF file
- Hackyourform BXSS
- Reflected XSS on ASUS
- Stored XSS via Alternate text at zendesk support
- How I stumbled upon a stored XSS : my first bug bounty story
- Cookie based Self XSS to Good XSS
- Reflected XSS on amazon
- XSS worm : a creative use of web application vulnerability
- Google code in XSS
- Self XSS on indeed.com
- How I accidentally found XSS in Protonmail for iOS app
- XML XSS in yandex.ru by accident
- Critical Stored XSS vulnerability
- XSS bypass using META tag in realestate.postnl.nl
- Edmodo XSS bug
- XSS in hiden input fields
- How I discovered XSS that affected over 20 uber subdomains
- DOM based XSS or why you should not rely on cloudflare too much
- XSS in dynamics 365
- XSS deface with html and how to convert the html into charcode
- Cookie based injection XSS making explitable with exploiting other vulns
- XSS with put in ghost blog
- XSS using a Bug in safari and why blacklists are stupid
- Magic XSS with two parameters
- DOM XSS bug affecting tinder shopify Yelp
- Persistent XSS unvalidated open graph embed at linkedin.com
- My first 0day exploit CSP Bypass Reflected XSS
- Google Stored XSS in payments
- XSS on dropbox
- Weaponizing XSS attacking internal domains
- How I XSSed UBER and bypassed CSP
- RXSS and CSRF bypass to Account takeover
- Another XSS in google collaboratory
- How I bypassed AKAMAI waf in overstock.com
- Reflected XSS at philips.com
- XSS vulnerabilities in multiple iframe busters affecting top tier sites
- Reflected DOM XSS and clickjacking silvergoldbull
- Stored XSS vulnerability in h1 private
- Authbypass SQLi and XSS
- Stored XSS vulnerability in tumblr
- XSS in google code jam
- Mapbox XSS
- My first valid XSS
- Stored XSS in webcomponents.org
- 3 minutes XSS
- icloud.com DOM based XSS
- XSS at hubspot and in email areas
- Self XSS leads to blind XSS and Reflected XSS
- Refltected XSS primagames.com
- Stored XSS in gameskinny
- Blind XSS in Chrome experments Google
- Yahoo two XSSI vulnerabilities chained to steal user information (750$)
- How I found XSS on amazon
- A blind XSS in messengers twins
- XSS in microsoft Subdomain
- Persistent XSS at ah.nl
- The 12000 intersection betwenn clickjaking , XSS and DOS
- XSS in google collaboratory CSP bypass
- How I found blind XSS in apple
- Reflected XSS on amazon.com
- How I found XSS in 360totalsecurity
- The 2.5 BTC Stored XSS
- XSS Vulnerability in Netflix
- A story of a UXSS via DOM XSS clickjacking in steam inventory helper
- How I found XSS via SSRF vulnerability
- Searching for XSS found ldap injection
- how I converted SSRF to XSS in a SSRF vulnerable JIRA
- Reflected XSS in Yahoo subdomain
- Account takeover and blind XSS
- How I found 5 stored XSS on a private program
- Persistent XSS to steal passwords(Paypal)
- Self XSS + CSRF to stored XSS
- Stored XSS in yahoo and subdomains
- XSS in microsoft
- Blind XSS at customer support panel
- Reflected XSS on stackoverflow
- Stored XSS in Yahoo
- XSS 403 forbidden Bypass
- Turning self XSS into non self XSS via authorization issue at paypal
- A story of stored XSS bypass
- Mangobaaz hacked XSS to credentials
- How I got stored XSS using file upload
- Bypassing CSP to abusing XSS filter in edge
- XSS to session Hijacking
- Reflected XSS on www.zomato.com
- XSS in subdomain of yahoo
- XSS in yahoo.net subdomain
- Reflected XSS moongaloop swf version 62x
- Google adwords 3133.7 Stored XSS
- How I found a surprising XSS vulnerability on oracle netsuite
- Stored XSS on snapchat
- How I was able to bypass XSS protection on h1 private program
- Reflected XSS possible
- XSS via angularjs template injection hostinger
- Microsoft follow feature XSS (CVE-2017-8514)
- XSS protection bypass made my quickest bounty ever
- Taking note XSS to RCE in the simplenote electron client
- VMWARE official vcdx reflected XSS
- How I pwned a company using IDOR and Blind XSS
- From Recon to DOM based XSS
- Local file read via XSS
- Non persistent XSS at microsoft
- A Stored XSS in google (double kill)
- Filter bypass to Reflected XSS on finance.yahoo.com (mobile version)
- 900$ XSS in yahoo : recon wins
- How I bypassed practos firewall and triggered an XSS vulnerability
- Stored XSS to full information disclosure
- Story of parameter specific XSS
- Chaining self XSS with UI redressing leading to session hijacking
- Stored XSS with arbitrary cookie installation
- Reflective XSS and Open redirect on indeed.com subdomain
- How I found reflected XSS on Yahoo subdomain
- Dont just alert(1) because XSS is more fun
- UBER XSS by helpe of KNOXSS
- Reflected XSS in Yahoo
- Reflected XSS on ww.yahoo.com
- XSS because of wrong content type header
Cross Site Request Forgery (CSRF)
- How a simple CSRF attack turned into a P1
- How I exploited the json csrf with method override technique
- How I found CSRF(my first bounty)
- Exploiting websocket application wide XSS and CSRF
- Site wide CSRF on popular program
- Using CSRF I got weird account takeover
- CSRF CSRF CSRF
- Google Bugbounty CSRF in learndigital.withgoogle.com
- CSRF token bypass [a tale of 2k bug]
- 2FA bypass via CSRF attack
- Stored iframe injection CSRF account takeover
- Instagram delete media CSRF
- An inconsistent CSRF
- Bypass CSRF with clickjacking worth 1250
- Sitewide CSRF graphql
- Account takeover using CSRF json based
- CORS to CSRF attack
- My first CSRF to account takeover
- 4x chained CSRFs chained for account takeover
- CSRF can lead to stored XSS
- Yet other examples of abusing CSRF in logout
- Wordpress CSRF to RCE
- Bruteforce user IDs via CSRF to delete all the users with CSRF attack
- CSRF Bypass using cross frame scripting
- Account takeover via CSRF
- A very useful technique to bypass the CSRF protection
- CSRF account takeover exlpained automated manual bugbounty
- CSRF to account takeover
- How I got 500USD from microsoft for CSRF vulnerability
- Critical Bypass CSRF protection
- RXSS CSRF bypass to full account takeover
- Youtube CSRF
- Self XSS + CSRF = Stored XSS
- Ribose IDOR with simple CSRF bypass unrestrcited changes and deletion to other photo profile
- JSON CSRF attack on a social networking site
- Hacking facebook oculus integration CSRF
- Amazon leaking CSRF token using service worker
- Facebook graphql CSRF
- Chain the vulnerabilities and take your report impact on the moon csrf to html injection
- Partial CSRF to Full CSRF
- Stealing access token of one drive integration by chain csrf vulnerability
- Metasploit web project kill all running taks CSRF CVE-2017-5244
- Messenger site wide CSRF
- Hacking Facebook CSRF device login flow
- Two vulnerabilities makes an exploit XSS and CSRF in bing
- How I bypassed Facebook in 2016
- Ubiquiti bugbounty unifi generic CSRF protection Bypass
- Bypass Facebook CSRF
- Facebook CSRF full account takeover
Clickjacking (UI redressing attack)
- Google Bug bounty Clickjacking on Google payment
- Google APIs Clickjacking worth 1337$
- Clickjacking + XSS on Google org
- Bypass CSRF with clickjacking on Google org
- 1800 worth Clickjacking
- Account takeover with clickjacking
- Clickjacking on google CSE
- How I accidentally found clickjacking in Facebook
- Clickjacking on google myaccount worth 7500
- Clickjacking in google docs and void typing feature
- Reflected DOM XSS and Clickjacking
- binary.com clickjacking vulnerability exploiting HTML5 security features
- 12000 intersection betwen clickjacking XSS and denial of service
- Steam fire and paste : a story of uxss via DOM XSS and Clickjacking in steam inventory helper
- Yet another Google Clickjacking
- Redressing instagram leaking application tokens via instagram clickjacking vulnerability
- Self XSS to Good XSS and Clickjacking
- Microsoft Yammer clickjacking exploiting HTML5 security features
- Firefox find my device clickjacking
- Whatsapp Clickjacking vulnerability
- Telegram WEB client clickjacking vulnerability
- Facebook Clickjacking : how we put a new dress on facebook UI
Local File Inclusion (LFI)
- RFI LFI Writeup
- My first LFI
- Bug bounty LFI at Google.com
- Google LFI on production servers in redacted.google.com
- LFI to 10 server pwn
- LFI in apigee portals
- Chain the bugs to pwn an organisation LFI unrestricted file upload to RCE
- How we got LFI in apache drill recom like a boss
- Bugbounty journey from LFI to RCE
- LFI to RCE on deutche telekom bugbounty
- From LFI to RCE via PHP sessions
- magix bugbounty magix.com XSS RCE SQLI and LFI
- LFI in nokia maps
Subdomain Takeover
- How I bought my way to subdomain takeover on tokopedia
- Subdomain Takeover via pantheon
- Subdomain takeover : a unique way
- Escalating subdomain takeover to steal sensitive stuff
- Subdomain takeover awarded 200
- Subdomain takeover via wufoo service
- Subdomain takeover via Hubspot
- Souq.com subdomain takeover
- Subdomain takeover : new level
- Subdomain takeover due to misconfigured project settings for custom domain
- Subdomain takeover via shopify vendor
- Subdomain takeover via unsecured s3 bucket
- Subdomain takeover worth 200
- Subdomain takeover via campaignmonitor
- How to do 55000 subdomain takeover in a blink of an eye
- Subdomain takeover Starbucks (Part 2)
- Subdomain takeover Starbucks
- Uber wildcard subdomain takeover
- Bugcrowd domain subdomain takeover vulnerability
- Subdomain takeover vulnerability (Lamborghini Hacked)
- Authentication bypass on uber's SSO via subdomain takeover
- Authentication bypass on SSO ubnt.com via Subdomain takeover of ping.ubnt.com
Denial of Service (DOS)
- Long String DOS
- AIRDOS
- Denial of Service DOS vulnerability in script loader (CVE-2018-6389)
- Github actions DOS
- Application level denial of service
- Banner grabbing to DOS and memory corruption
- DOS across Facebook endpoints
- DOS on WAF protected sites
- DOS on Facebook android app using zero width no break characters
- Whatsapp DOS vulnerability on android and iOS
- Whatsapp DOS vulnerability in iOS android
Authentication Bypass
- Touch ID authentication Bypass on evernote and dropbox iOS apps
- Oauth authentication bypass on airbnb acquistion using wierd 1 char open redirect
- Two factor authentication bypass
- Instagram multi factor authentication bypass
- Authentication bypass in nodejs application
- Symantec authentication Bypass
- Authentication bypass in CISCO meraki
- Slack SAML authentocation bypass
- Authentication bypass on UBER's SSO
- Authentication Bypass on airbnb via oauth tokens theft
- Inspect element leads to stripe account lockout authentication Bypass
- Authentication bypass on SSO ubnt.com
SQL Injection(SQLI)
- Tricky oracle SQLI situation
- Exploiting “Google BigQuery” SQLI
- SQLI via stopping the redirection to a login page
- Finding SQLI with white box analysis a recent bug example
- Bypassing a crappy WAF to exploit a blind SQLI
- SQL Injection in private-site.com/login.php
- Exploiting tricky blind SQLI
- SQLI in forget password fucntion
- SQLI Bug Bounty
- File Upload blind SQLI
- SQL Injection
- SQLI through User Agent
- SQLI in insert update query without comma
- SQLI for 50 bounty
- Abusing MYSQL CLients
- SQLI Authentication Bypass AutoTrader Webmail
- ZOL Zimbabwe Authentication Bypass to XSS & SQLi
- SQLI bootcamp.nutanix.com
- SQLI in University of Cambridge
- Making a blind SQLI a little less Blind SQLI
- SQLI amd silly WAF
- Attacking Postgresql Database
- Bypassing Host Header to SQL injection to dumping Database — An unusual case of SQL injection
- A 5 minute SQLI
- Union based SQLI writeup
- SQLI with load file and into outfile
- SQLI is Everywhere
- SQLI in Update Query Bug
- Blind SQLI Hootsuite
- Yahoo – Root Access SQLI – tw.yahoo.com
- Step by Step Exploiting SQLI in Oculus
- Magix Bug Bounty: magix.com (RCE, SQLi) and xara.com (LFI, XSS)
- Tesla Motors blind SQLI
- SQLI in Nokia Sites
Insecure Direct Object Reference (IDOR)
- Disclose Private Dashboard Chart's name and data in Facebook Analytics
- Disclosing privately shared gaming clips of any user
- Adding anyone including non-friend and blocked people as co-host in personal event!
- Page analyst could view job application details
- Deleting Anyone's Video Poll
2FA related issues
- 2FA Bypass via logical rate limiting Bypass
- Bypass 2FA in a website
- Weird and simple 2FA bypass
- How I cracked 2FA with simple factor bruteforce
- Instagram account is reactivated without entering 2FA
- How to bypass 2FA with a HTTP header
- How I hacked 40k user accounts of microsoft using 2FA bypass outlook
- How I abused 2FA to maintain persistence after password recovery change google microsoft instragram
- Bypass hackerone 2FA
- Facebook Bug bounty : How I was able to enumerate instagram accounts who had enabled 2FA
CORS related issues
- CORS bug on google's 404 page (rewarded)
- CORS misconfiguration leading to private information disclosure
- CORS misconfiguration account takeover out of scope to grab items in scope
- Chrome CORS
- Bypassing CORS
- CORS to CSRF attack
- An unexploited CORS misconfiguration reflecting further issues
- Think outside the scope advanced cors exploitation techniques
- A simple CORS misconfiguration leaked private post of twitter facebook instagram
- Explpoiting CORS misconfiguration
- Full account takeover through CORS with connection sockets
- Exploiting insecure CORS API api.artsy.net
- Pre domain wildcard CORS exploitation
- Exploiting misconfigured CORS on popular BTC site
- Abusing CORS for an XSS on flickr
Server Side Request Forgery (SSRF)
- Exploiting an SSRF trials and tribulations
- SSRF on PDF generator
- Google VRP SSRF in Google cloud platform stackdriver
- Vimeo upload function SSRF
- SSRF via ffmeg processing
- My first SSRF using DNS rebinding
- Bugbounty simple SSRF
- SSRF reading local files from downnotifier server
- SSRF vulnerability
- Gain adfly SMTP access with SSRF via gopher protocol
- Blind SSRF in stripe.com due to senntry misconfiguration
- SSRF port issue hidden approch
- The jorney of web cache firewall bypass to SSRF to AWS credentials compromise
- SSRF to local file read and abusing aws metadata
- pdfreactor SSRF to root level local files read which lead to RCE
- SSRF trick : SSRF XSPA in micosoft's bing webwaster
- Downnotifeer SSRF
- Escalating SSRF to RCE
- Vimeo SSRF with code execution potential
- SSRF in slack
- Exploiting SSRF like a boss
- AWS takeover SSRF javascript
- Into the borg of SSRF inside google production network
- SSRF to local file disclosure
- How I found an SSRF in yahoo guesthouse (recon wins)
- Reading internal files using SSRF vulnerability
- Airbnb chaining third party open redirect into SSRF via liveperson chat
Race Condition
- Exploiting a Race condition vulnerabililty
- Race condition that could result to RCE a story with an app
- Creating thinking is our everything : Race condition and business logic
- Chaining improper authorization to Race condition to harvest credit card details
- A Race condition bug in Facebook chat groups
- Race condition bypassing team limit
- Race condition on web
- Race condition bugs on Facebook
- Hacking Banks With Race Conditions
- Race Condition Bug In Web App: A Use Case
- RACE Condition vulnerability found in bug-bounty program
- How to check Race Conditions in Web Applications
Remote Code Execution (RCE)
- Microsoft RCE bugbounty
- OTP bruteforce account takeover
- Attacking helpdesk RCE chain on deskpro with bitdefender
- Remote image upload leads to RCE inject malicious code
- Finding a p1 in one minute with shodan.io RCE
- From recon to optimizing RCE results simple story with one of the biggest ICT company
- Uploading backdoor for fun and profit RCE DB creds P1
- Responsible Disclosure breaking out of a sandboxed editor to perform RCE
- Wordpress design flaw leads to woocommerce RCE
- Path traversal while uploading results in RCE
- RCE jenkins instance
- Traversing the path to RCE
- How I chained 4 bugs features into RCE on amazon
- RCE due to showexceptions
- Yahoo luminate RCE
- Latex to RCE private bug bounty program
- How I got hall of fame in two fortune 500 companies an RCE story
- RCE by uploading a web config
- 36k Google app engine RCE
- How I found 2.9 RCE at yahoo
- Bypass firewall to get RCE
- RCE vulnerabilite in yahoo subdomain
- RCE in duolingos tinycards app from android
- Unrestricted file upload to RCE
- Getting a RCE (CTF WAY)
- RCE starwars
- How I got 5500 from yahoo for RCE
- RCE in Addthis
- Paypal RCE
- My First RCE (Stressed Employee gets me 2x bounty)
- Abusing ImageMagick to obtain RCE
- How Snapdeal Kept their Users Data at Risk!
- RCE via ImageTragick
- How I Cracked 2FA with Simple Factor Brute-force!
- Found RCE but got Duplicated
- “Recon” helped Samsung protect their production repositories of SamsungTv, eCommerce eStores
- IDOR to RCE
- RCE on AEM instance without JAVA knowledge
- RCE with Flask Jinja tempelate Injection
- Race Condition that could result to RCE
- Chaining Two 0-Days to Compromise An Uber Wordpress
- Oculus Identity Verification bypass through Brute Force
- Used RCE as Root on marathon Instance
- Two easy RCE in Atlassian Products
- RCE in Ruby using mustache templates
- About a Sucuri RCE…and How Not to Handle Bug Bounty Reports
- Source code disclosure vulnerability
- Bypassing custom Token Authentication in a Mobile App
- Facebook’s Burglary Shopping List
- From SSRF To RCE in PDFReacter
- Apache strust RCE
- Dell KACE K1000 Remote Code Execution
- Handlebars Tempelate Injection and RCE
- Leaked Salesforce API access token at IKEA.com
- Zero Day RCE on Mozilla's AWS Network
- Escalating SSRF to RCE
- Fixed : Brute-force Instagram account’s passwords
- Bug Bounty 101 — Always Check The Source Code
- ASUS RCE vulnerability on rma.asus-europe.eu
- Magento – RCE & Local File Read with low privilege admin rights
- RCE in Nokia.com
- Two RCE in SharePoint
- Token Brute-Force to Account Take-over to Privilege Escalation to Organization Take-Over
- RCE in Hubspot with EL injection in HubL
- Github Desktop RCE
- eBay Source Code leak
- Facebook source code disclosure in ads API
- XS-Searching Google’s bug tracker to find out vulnerable source code
Buffer Overflow Writeups
- Buffer Overflow Attack Book pdf
- Github Repository on Buffer Overflow Attack
- Stack-Based Buffer Overflow Attacks: Explained and Examples
- How Buffer Overflow Attacks Work
- Binary Exploitation: Buffer Overflows
- WHAT IS A BUFFER OVERFLOW? LEARN ABOUT BUFFER OVERRUN VULNERABILITIES, EXPLOITS & ATTACKS
Android Pentesting
标签:学习路线, 渗透技巧, 思路分享, 漏洞分享, 学习笔记