Some Good web hacking notes

[protocoll]

GitHub - daffainfo/AllAboutBugBounty: All about bug bounty (bypasses, payloads, and etc)

All about bug bounty (bypasses, payloads, and etc) - GitHub - daffainfo/AllAboutBugBounty: All about bug bounty (bypasses, payloads, and etc)

github.com

List​

• Arbitrary File Upload
• Business Logic Errors
• CRLF Injection
• Cross Site Request Forgery (CSRF)
• Cross Site Scripting (XSS)
• Denial of Service (DoS)
• Exposed Source Code
• Host Header Injection
• Insecure Direct Object References (IDOR)
• Local File Inclusion (LFI)
• NoSQL Injection
• OAuth Misconfiguration
• Open Redirect
• Remote File Inclusion (RFI)
• SQL Injection (SOON)
• Web Cache Poisoning

List Bypass​

• Bypass 2FA
• Bypass 403
• Bypass 304
• Bypass 429
• Bypass Captcha
• Bypass CSRF

Miscellaneous​

• Account Takeover
• Broken Link Hijacking
• Default Credentials
• Email Spoofing
• JWT Vulnerabilities
• Mass Assignment
• Password Reset Flaws
• Tabnabbing

Technologies​

• Apache (HTTP Server)
• Confluence
• Grafana
• HAProxy
• Jira
• Jenkins
• Moodle
• Laravel
• Nginx
• WordPress
• Zend

Reconnaissance​

• Scope Based Recon
• Github Dorks
• Google Dorks
• Shodan Dorks