Github leak bug bounty ProjectDiscovery Team (Chaos) - They own and made available this data! Massive thanks to the whole ProjectDiscovery Team for sharing updated reconnaissance data of Public Bug Bounty programs. Many IT companies offer bug bounties to drive product improvement and get more interaction from end users or clients. PentesterLand Bug Bounty Writeups. TUTORIAL. Sublist3r - Fast subdomains enumeration tool for penetration testers; Amass - In-depth Attack Surface Mapping and Asset Discovery; massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration); Findomain - The fastest and cross-platform subdomain enumerator, do not waste your time. Hackerone POC Reports. This page contains a streamlined methodology tailored for Bug Bounty Hunting, Web Application Penetration Testing (WAPT), and Vulnerability Assessment and Penetration Testing (VAPT). Dept Of Defense - 9 upvotes, $0; View another user information with IDOR vulnerability to U. io. Very rarely does a program accept reports through GitHub. Navigation Menu System environment variables leak - CVE-2022-0337. Can the team consider a closed/open bug bounty on it? Welcome to our web hacking and bug bounty hunting resource repository! A curated collection of web hacking tools, tips, and resources is available here. Aryan This repository contains various old image exploits (2016 - 2019) for known vulnerabilities in image processors. 148. Hak5 on YouTube. Its robust suite of features encompasses vulnerability scanning, information gathering, and exploitation, elevating it to an indispensable toolkit for both security professionals and penetration testers. DEFCON Conference videos on YouTube. And this blog is about a vulnerability that, I was able to find in the Hackerone’s private program which allows me to take over any user’s account. ru - 17 upvotes, $0; Leaking Rockset API key on Github to Rockset - 17 Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid. Enterprise-grade security features GitHub Copilot. Cache Deception Allows Account Takeover to Expedia Group Bug Bounty - 136 upvotes, $0; Account takeover - improper validation of jwt signature (with A reflected XSS in python/Lib/DocXMLRPCServer. com to Automattic - 114 upvotes, $0 However, the actor could still have substantial time to execute their operation using the leaked handle, as the interval between periodic checks was insufficient to preempt handle leaks. Slack H1 #207170: CSWSH (plus an additional writeup) Facebook: CSWSH; Stripo H1 #915541: CSWSH; Information leak; GitHub H1 #854439: Arbitrary SQL You signed in with another tab or window. 178. After RECON -> start by testing for access-control issues and info leaks. app - Search across a half million git repos; publicwww. Find and fix vulnerabilities oldhost is a tool for bug bounty hunters to discover old hosts that are no longer available, but might still be present on Race condition on the Federalist API endpoints can lead to the Denial of Service attack to GSA Bounty - 17 upvotes, $150; CSRF in attach phone API endpoint on delivery-club. Trello bug bounty: The websocket receives data when a public company creates a team visible board by Florian Courtial; Trello bug bounty: Payments informations are sent to the webhook when a team changes its visibility by Florian Courtial; Change any user's password in Uber by mongo; Vulnerability in Youtube allowed moving comments from any video to another by Jie stands out as a comprehensive security assessment and exploitation tool meticulously crafted for web applications. Google Dorks for Bug Bounty - By VeryLazyTech. Bug Hunting Tutorials. Argo CD CSRF leads to Kubernetes cluster compromise to Internet Bug Bounty - 29 upvotes, $4660; CSRF in Changing User Verification Email to TikTok Contribute to reddelexc/hackerone-reports development by creating an account on GitHub. 201. As a bug bounty hunter, list ways ChatGPT can save me time for recon, find a good program, learn technical skills Contribute to reddelexc/hackerone-reports development by creating an account on GitHub. security exploit hacking cybersecurity pentesting writeups bugbounty cve pentest payload red-team bugbountytips bugbounty Hello, fellow bug bounty hunters! This The Host Authorization middleware in Action Pack is vulnerable to crafted X-Forwarded-Host values to Internet Bug Bounty - 7 upvotes, $0; Upload and delete files in debug page without access control. py to Internet Bug Bounty - 115 upvotes, $0 Stored XSS in Snapmatic + R★Editor comments to Rockstar Games - 114 upvotes, $0 Stored XSS vulnerability in comments on *. In most cases, bypasses of these features via some edge case will not result in a Grafana Labs bug bounty. ) CVE-2015-3044, PSIRT-3298 to Internet Bug Bounty - 8 upvotes, $2000 Contribute to reddelexc/hackerone-reports development by creating an account on GitHub. Most APIs use access tokens to determine the rights of the client API issue access token to each API Client; and clients use these access token to perform actions or retrieve data Top disclosed reports from HackerOne. KeyHacks shows methods to validate different API keys found on a Bug Bounty Program or a pentest. Enter a domain: Explore powerful Google Dorks curated for bug bounty hunting. Use these search queries to uncover hidden vulnerabilities and sensitive data - by VeryLazyTech. 2 Testing for Broken Access Control and Info Leaks. Markdown; HTML; Rendered. ; aquatone - Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface. Contribute to securitycipher/daily-bugbounty-writeups development by As the official disclosed report at HackerOne shows, bounty hunter Th3G3nt3lman was awarded $15,000 after discovering and reporting a sensitive auth token that was In most cases, bypasses of these features via some edge case will not result in a bounty reward unless there is a privacy (confidentiality) breach. ; Sudomy - Sudomy is a subdomain Logger++ "This extension can be used to log the requests and responses made by all Burp tools, and display them in a sortable table. How To Shot Web — Jason Haddix, Starbucks Information Leak — Researcher peuch was awarded $1,000 for finding numerous leaks of sensitive data on Github. plazius. Topics Trending Collections Enterprise Enterprise platform. af] Multiple vulnerabilities allow to Application level DoS; $1000 CVE-2021-22946: Protocol downgrade required TLS bypassed; $250 Organization Members in Snap Kit Contribute to reddelexc/hackerone-reports development by creating an account on GitHub. 🛡️ From web vulnerabilities to penetration testing essentials, we've got you covered. Github-subdomain: This Go tool performs searches on GitHub and parses the results to find subdomains of a given domain. If you have found a vulnerability, submit it here. You need to have the patience and determination to continue hunting even though you might not see successful Bug Bounty Hunting Methodology. Over time, I built a simple web Student of Bachelor of Commerce(B. ru to Mail. Com) and also I am a Bug Bounty Hunter. Find and fix vulnerabilities GitHub community articles Repositories. Also, you can find some tips, examples, and links to other tools useful 5. is designed to streamline your search for interesting information across GitHub Code Search - Search globally across all of GitHub, or scope your search to a particular repository or organization; GitLab Code Search - Advanced search for faster, more efficient search across the entire GitLab instance; Sourceforge - Complete Open-Source and Business Software Platform; grep. /EBA314E6 2014-02-18 Key fingerprint = 495D 2EB6 CD8B F2C0 C308 E373 Tips and Tutorials for Bug Bounty and also Penetration Tests. - 40 upvotes, $0 A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting - TakSec/google-dorks-bug-bounty [July 12 - $ 500] Facebook Bug bounty page admin disclose bug by Yusuf Furkan [July 04 - $ 2000] This is how I managed to win $2000 through Facebook Bug Bounty by Saugat Pokharel [July 04 - $ 500] Unremovable Co-Host in facebook page events by Ritish Kumar Singh A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting - google-dorks-bug-bounty/README. Similar to CVE-2022-31130 and CVE-2022-39201 there is still an auth token leak present in the JWT auth_token query parameter. com "example. " Java AuthMatrix "AuthMatrix is an extension to Burp Suite that provides a simple way to test authorization in web Welcome to the Bug Bounty Methodology 2025 Edition!This methodology is a basic guide to help you kickstart your bug bounty journey. Topics bug vulnerability vulnerabilities bugs bugbounty ethical-hacking red-team bugcrowd hackerone red-teaming bugbountytips bugbounty-tool bugbountytricks bugbounty-reports ethical-hacker bugbounty-checklist More than 150 million people use GitHub to discover, fork, and contribute to over 420 million projects. evernote. github data bug-bounty reconnaissance vulnerability-disclosure Updated Jun 22, 2024; Shell; Correia-jpv / fucking For bug bounty hunters, GitHub repositories can reveal a variety of potentially useful information. 57:8080] - Vulnerable to Jetleak; No bounty [Biz] [Mailer] Кроп любых* изображений расположенных на сервере; No bounty [mtn. Make sure you are eligible for payouts The bounty submission form utilizes HTTPS to encrypt your submission in transit to the bug bounty team. SecurityBreached-BugBounty POC. Extract the application’s package contents and review the code for vulnerabilities; Compare authentication and authorization mechanisms for the mobile and web apps of the same organization; Developers may trust data coming from the mobile app, and this could lead to IDORs or broken authentication if you use a mobile Ressources for bug bounty hunting. site:pastebin. Navigation Menu Toggle navigation. ; screenshoteer - Make website screenshots and A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups. However, GitHub does consider impersonation an account abuse issue that we take very seriously. - GiJ03/API_KeyHacks Use the GitHub issue search — check if the Collection of Facebook Bug Bounty Writeups. You switched accounts on another tab or window. json file serves as the central management system for the public bug bounty programs displayed on chaos. This is a Burp Suite extension that enables users to encrypt As always when it comes to bug bounty hunting, read the program's policy thoroughly. Markdown; HTML # More than 150 million people use GitHub to discover, fork, and contribute to over 420 million projects. Sign in A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those Race Conditions in OAuth 2 API implementations to Internet Bug Bounty - 42 upvotes, $0 Oauth flow on the comments widget login can lead to the access code leakage to Ed - 40 upvotes, $0 Stealing Users OAUTH Tokens via redirect_uri to BOHEMIA INTERACTIVE a. patch links on GitHub show the raw commit diff, or give you any privileges you didn’t already have. Navigation Menu Leak of internal categorySets names and employees test accounts. Reload to refresh your session. If A repository that includes all the important wordlists used while bug hunting. Include: Title, VRT, CVSS, Description, Impact, PoC that includes all steps to reproduce, and recommended Fix. Leaking email addresses via . Enterprise-grade AI A concise collection of must-have bug bounty tools for all security enthusiasts. com - Find any Techniques / Tips and tricks for finding sensitive data exposures in Github for Penetration Testers / Bug Bounty Hunters - GitHub - osamahamad/Sensitive-Data-Exposures-with-Github: Techniques / Tips and tricks for finding sensitive data exposures in Github for Penetration Testers / Bug Bounty Hunters Find Sensitive information leaks : ( Manual Approch ) Below basic EyeWitness - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. Advanced Security. Write better code with AI Security. . 30. ru [46. GitHub pages, Heroku, Explore a curated collection of tools, guides, and tips for successful bug bounty hunting. Sign in Product GitHub Copilot. patch links. Contact the security team or if possible use a bug bounty platform 🐛 A list of writeups from the Google VRP Bug Bounty program - xdavidhu/awesome-google-vrp-writeups. Dept Of Defense - 9 upvotes, $0; Flash Player information disclosure (etc. security automation hacking penetration-testing bug-bounty pentesting nuclei bugbounty cve vulnerability-detection cve-scanning vulnerability-scanners security-tools bug-hunting bugbountytips bugbounty-tool nuclei-templates projectdiscovery nuclei-engine Explore powerful Google Dorks curated for bug bounty hunting. Collection of Facebook Bug Bounty Writeups. Misconfigured server settings can Search with gitleaks and trufflehog in the responses of the given URLs or in all the repos of an organization and its members. The chaos-bugbounty-list. com (A popular blog sharing site for a variety of different Bug Bounty Tricks and useful payloads and bypasses for Web Application Security. Write better code with AI Leak of internal categorySets names and employees test accounts. However, if you want to send us a vulnerability using PGP we still want you to have this option. A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities. A curated collection of essential tools and scripts for bug bounty hunters and cybersecurity professionals, designed to streamline your vulnerability assessment and penetration testing. Skip to content. - rootbakar/bugbounty-toolkit. Code Leaks. It outlines the essential steps to navigate your target effectively, but the real challenge lies in identifying high-impact vulnerabilities through your own skills and creativity. 218] to Mail. It serves as a practical guide for Red Teamers, GitHub is where people build software. com. - GiJ03/API_KeyHacks. Netsec on Reddit. S. Open for contributions from others as well, so please send a pull request if you can! Content raw. Dept Of Defense - 7 upvotes, $0; Python : Add query to detect PAM authorization bypass to GitHub Security Lab - 7 upvotes, $0 Summary of almost all paid bounty reports on H1. ; Sudomy - Sudomy is a subdomain Please describe your issue in as much detail as possible: Describe what you expected should happen and what did happen. Also part of the BugBountyResources team. ru - 17 upvotes, $0; CVE-2016-6415 on api-staging. The Patch. Top disclosed reports from HackerOne. Standardization will start a race-to-the-top over the quality of bug bounty terms. The first step is to collect possibly several javascript files (more files = more paths,parameters-> more vulns)To get more js files, this depends a lot on the target, I'm one who focuses a lot in large targets, it depends also a lot on the tools that you use, I use a lot of my personal tools for this: A repository that includes all the important wordlists used while bug hunting. I was hoping these issues would at least get updates/comments, or narrowed down the causes -- #3498. Use Markdown. s. It can also save the logged data in CSV format. g. This bug was patched in This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter - vulnerability-Checklist/reset password/reset_password_checklist. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Please link any large pastes as a Github Gist. Bug Bounty World. View the Project on GitHub pwnpanda/Bug_Bounty_Reports. Contribute to 0dayhunter/Facebook-BugBounty-Writeups development by creating an account on GitHub. AI-powered developer platform Available add-ons. Contribute to grafana/bugbounty development by creating an account on GitHub. md at main · TakSec/google-dorks-bug-bounty Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. to U. Reconnaissance is the most important step in any penetration testing or a bug hunting process. projectdiscovery. Summary. Bug Bounty POC. 🐛 A list of writeups from the Google VRP Bug Bounty program - xdavidhu/awesome-google-vrp-writeups GitHub Sublist3r - Fast subdomains enumeration tool for penetration testers; Amass - In-depth Attack Surface Mapping and Asset Discovery; massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration); Findomain - The fastest and cross-platform subdomain enumerator, do not waste your time. - Mehdi0x90/Web_Hacking. ; Sudomy - Sudomy is a subdomain Sublist3r - Fast subdomains enumeration tool for penetration testers; Amass - In-depth Attack Surface Mapping and Asset Discovery; massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration); Findomain - The fastest and cross-platform subdomain enumerator, do not waste your time. More than 150 million people use GitHub to discover, fork, and contribute to over 420 million projects. This is a compilation of various files/attack vectors/exploits that I use in penetration testing and bug bounty. This disclosed report was particularly interesting in regards to the and it mean you cannot reproduce on wayland the vision leaks, you can reproduce audio leaks though (might break down the bounty in smaller ones if there is a leak in both audio and vision) you can disable audio or vision using --disable-vision or --disable-audio Elevate your bug bounty game with our treasure trove of FREE resources! 🚀 Dive into a world of expert guides, cheat sheets, and tools to supercharge your bug hunting journey. This search engine automates the discovery of sensitive information using customized dorks across GitHub, Google, and Shodan. You signed out in another tab or window. HackTheBox: Certified Bug Bounty Hunter's Writeup by Hung Thinh Tran - GitHub - reewardius/HTB_CBBH_Writeup: HackTheBox: Certified Bug Bounty Hunter's Writeup by Hung Thinh Tran 2. roblox-bug-bounty-program Repository containing tools, scripts, and findings from the cybersecurity analysis conducted on Roblox. md at main · Az0x7/vulnerability-Checklist If you find a critical bug or vulnerability in the TON Blockchain (in the C++ code of the main repository) or TON main services (standard wallets, bridge, standard smart contracts), you can send its description and exploitation scenario and receive a reward. by Samm0uda [Feb 15 - $ 1,000] Delete linked payments accounts of a Facebook Bug Bounty write-ups and POC. - Vulnpire/bounty-search-engine. Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid. net GitHub Bug Bounty. If there are specific programs for which you'd like to see reconnaissance data, please submit a pull Once standardization of bug bounty legal language is achieved, the bug bounty economy will become an alternate private legal regime in which white-hat hacking is celebrated through regulatory incentives. com" site:jsfiddle. All these articles' links are fetched from medium. When using URL LOGIN on a data-source Contribute to bikramsah/Meta--BugBounty-Writeups development by creating an account on GitHub. Contribute to reddelexc/hackerone-reports development by creating an account on GitHub. We have confidence that this provides the confidentiality required for vulnerability submissions. Star. If someone is wrongfully impersonating you, features. Our Miscellaneous tools list includes a range of solutions, from reporting templates to security checklists, to help streamline your bug bounty process and ensure the best results. Contribute to sehno/Bug-bounty development by creating an account on GitHub. @Gwen001 has scripted the entire process available here and it can be found here. wordpress. Awesome Bug Bounty. Arbitrary Remote Leak via ImageMagick to HackerOne - 367 upvotes, $0; Hackerone is not properly deleting user Able To Check The Exact Bounty If you are beginning bug bounty hunting, you will need to know that it will take time to learn the bug hunting skills. CWE-749 Unsafe resource loading in Android WebView leaking to injection attacks to GitHub Security Lab - 60 upvotes, $2300; Periscope iOS app CSRF in payloadartist - conceived the idea of collecting all the data in one place, created the project and wrote the extraction script. Hunting for Vulnerabilities. GitHub Advisory Database - Security vulnerability database inclusive of CVEs and GitHub originated security GitHub Issue: CORS misconfiguration: CVE-2018-1000518: Python websockets: GitHub PR: DoS via memory exhaustion when decompressing compressed data: None: Tornado: Bug Bounty Writeups. Sign in Product A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation. CSWSH bugs. A bug bounty or bug bounty program is IT jargon for a reward or bounty program given for finding and reporting a bug in a particular software product. by Samm0uda bug-bounty-tips, bug-bounty-hunter, bug-bounty-program: Thu, 23 Jan 2025 03:38:03 GMT: Vulnerability Access Control Apple $50,000 bounty flaw allows att bugcrowd: Tue, 10 Dec 2024 15:26:15 GMT: Mastering Bug Bounty Recon: Essential Techniques for Ethical Hack subdomain-enumeration: Tue, 21 Jan 2025 20:55:26 GMT Saved searches Use saved searches to filter your results more quickly This page contains a streamlined methodology tailored for Bug Bounty Hunting, Web Application Penetration Testing (WAPT), and Vulnerability Assessment and Penetration Testing (VAPT). We are interested in critical PII Leak via https:// to U. Navigation Menu Hello, fellow bug bounty hunters! This repository is a collection of my personal bug bounty and security researching resources, scripts, and notes. Get started today and take your bug bounty game to the next level. com, focusing on identifying and mitigating vulnerabilities such as SQL injections and subdomain security risks. ; Sudomy - Sudomy is a subdomain This repo contains all variants of information security & Bug bounty & Penetration Testing write-up design for beginners or newcomers who are confused or don't know which keyword to search. We don’t believe that disclosing GitHub vulnerabilities to third Misconfiguration or security vulnerabilities: API keys can be leaked due to misconfiguration or security vulnerabilities of the application or server. We welcome your contributions to this list. We hope that this repository will be a valuable resource for you as you work to 💎 $200 bounty • Screenpi. Our bounty program gives a tip of the hat to these researchers and provides rewards of $30,000 or more for critical vulnerabilities. Ressources for bug bounty hunting. Elevate your cybersecurity skills and contribute to a safer digital world. You can find useful information in our rules, scope, targets and Contribute to reddelexc/hackerone-reports development by creating an account on GitHub. Contribute to jaiswalakshansh/Facebook-BugBounty-Writeups development by creating an account on GitHub. com that can leak aws metadata and local file inclusion to to Internet Bug Bounty - 29 upvotes, $4920; Path Write a bug bounty report for the following reflected XSS: . Facebook Hunting POC. Software security researchers are increasingly engaging with internet companies to hunt down vulnerabilities. GitHub community articles Repositories. - djadmin/awesome-bug-bounty. Full read SSRF in www. This is my 1st blog, if you find any spelling mistakes, so please bear with me for the next few minutes. when I want to find a timing leak in Java, As always when it comes to bug bounty hunting . is pointing to a service (e. Public Bug Bounty Reports Since ~2020. - Karanxa/Bug-Bounty-Wordlists 💯February 6, 2025 - The $750 API Leak: Could This Happen to You? This repository contains Bug Bounty writeups. A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting - ronin-dojo/google-dorks-bug-bounty2 No bounty private keys exposed on the GitHub repository; $250 [185. My goal is to share useful information and tools that have helped me in my own Bug Bounty Testing Essential Guideline : Startup Bug Hunters - twseptian/bug-bounty-testing-essential-guideline-startup-bug-hunters The reset password token is leaking through the HTTP referer header This happens when user clicks at the link sent to their email and when the page is rendered with the token at the URL. For example, bypassing the 24 hour GitHub’s Bug Bounty program is designed to both reward individual researchers and increase the security of all GitHub users. pe Steps to solve: Start working: Comment /attempt #1269 with your implementation plan; Submit work: Create a pull request including /claim #1269 in the PR body to claim the bounty; Receive payment: 100% of the bounty is received 2-5 days post-reward. It provides an attacker More than 150 million people use GitHub to discover, fork, and contribute to over 420 million projects. - Karanxa/Bug-Bounty-Wordlists Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too. Hi team! This is my first attempt at a report on your new bug bounty program (I got an invite after my report leading up to CVE-2022-31130), I hope I am doing this the right way :). wces yyezm idygvy ekyft jhwhiy hnid xsje lkgm hpyl zpybx jbwfe tdqkuj pzatne gcveik lwta