0xspade

Write Ups Unfinished

Sep 6th, 2019
WRITE UPS
https://github.com/ngalongc/bug-bounty-reference

--XSS--
https://blog.innerht.ml/rpo-gadgets/
https://web.archive.org/web/20190407100133/https://whitton.io/articles/uber-turning-self-xss-into-good-xss/
https://web.archive.org/web/20170831053844/https://blog.bugcrowd.com/guest-blog-using-a-braun-shaver-to-bypass-xss-audit-and-waf-by-frans-rosen-detectify
https://web.archive.org/web/20171108050241/https://whitton.io/articles/xss-on-facebook-via-png-content-types/
https://www.pranav-venkat.com/2016/03/command-injection-which-got-me-6000.html
https://web.archive.org/web/20180307025611/https://www.paulosyibelo.com/2015/12/facebooks-moves-oauth-xss.html
https://klikki.fi/adv/yahoo.html
https://mksben.l0.cm/2016/07/xxn-caret.html
https://labs.detectify.com/2015/06/06/google-xss-turkey/
https://labs.detectify.com/2016/10/24/combining-host-header-injection-and-lax-host-parsing-serving-malicious-data/
https://blog.it-securityguard.com/bugbounty-decoding-a-%F0%9F%98%B1-00000-htpasswd-bounty/
http://www.geekboy.ninja/blog/airbnb-bug-bounty-turning-self-xss-into-good-xss-2/
https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/
https://hackerone.com/reports/262230
https://blog.blackfan.ru/2017/09/devtwittercom-xss.html
https://web.archive.org/web/20180602160116/http://stamone-bug-bounty.blogspot.com/2017/10/dom-xss-auth_14.html
https://ysx.me.uk/app-maker-and-colaboratory-a-stored-google-xss-double-bill/
https://www.youtube.com/watch?v=d9UEVv3cJ0Q&feature=youtu.be

--BRUTE FORCE--
https://hackerone.com/reports/127844
https://zseano.com/tutorials/3.html

--SQL INJECTION--
https://hackerone.com/reports/150156
https://hackerone.com/reports/135288
https://buer.haus/2015/01/15/yahoo-root-access-sql-injection-tw-yahoo-com/

--STEALING ACCESS TOKEN--
https://hackerone.com/reports/108113
https://hackerone.com/reports/143717
https://blog.innerht.ml/internet-explorer-has-a-url-problem/
http://blog.intothesymmetry.com/2016/11/all-your-paypal-tokens-belong-to-me.html?m=1
https://nbsriharsha.blogspot.com/2016/04/oauth-20-redirection-bypass-cheat-sheet.html
https://medium.com/@lokeshdlk77/bypass-oauth-nonce-and-steal-oculus-response-code-faa9cc8d0d37

--RCE--
https://nahamsec.com/secure-your-jenkins-instance-or-hackers-will-force-you-to/