Monthly List of blogs, To community from community [MARCH]
List of blogs which I found worth reading (latest writeups, old writeups, tools). Especially for bug bounty hunters.
-To all authors
Thanks a lot for writing and sharing🙏
01-03-2020:
https://aadityapurani.com/2016/07/20/how-i-hacked-your-beats-account-apple-bug-bounty
https://hackerone.com/reports/548094
https://medium.com/@ozguralp/using-vulnerability-analytics-feature-like-a-boss-655fc1f1543b
https://hackerone.com/reports/736867
https://philippeharewood.com/facebookmarketingdevelopers-com-proxies-csrf-quandry-and-api-fun
https://hackerone.com/reports/100820
05-03-2020:
https://www.ehackingnews.com/2020/03/google-rewards-100000-in-bug-bounty.html
https://vimeo.com/291312866
https://whitton.io/articles/messenger-site-wide-csrf
https://hackerone.com/reports/737140
https://medium.com/@sw33tlie/finding-a-p1-in-one-minute-with-shodan-io-rce-735e08123f52
https://hethical.io/paypal-bug-bounty-updating-the-paypal-me-profile-picture-without-consent-csrf-attack
10-03-2020:
http://www.geekboy.ninja/blog/airbnb-bug-bounty-turning-self-xss-into-good-xss-2
https://ngailong.wordpress.com/2017/08/07/uber-login-csrf-open-redirect-account-takeover
https://0xdf.gitlab.io/2019/03/09/htb-ethereal-shell.html
https://www.adamlogue.com/turning-blind-rce-into-good-rce-via-dns-exfiltration-using-collabfiltrator-burp-plugin
https://medium.com/bugbountywriteup/bounty-tip-how-to-push-injection-through-json-xml-stubs-for-api-699f4959fc5
https://httpsonly.blogspot.com/2016/08/turning-self-xss-into-good-xss-v2.html
15-03-2020:
https://medium.com/@mrnikhilsri/unauthenticated-account-takeover-through-http-leak-33386bb0ba0b
https://github.com/evait-security/envizon
https://github.com/Dormidera/WordList-Compendium
https://hackerone.com/reports/713
https://projectdiscovery.io ---> https://github.com/projectdiscovery/shuffledns
https://medium.com/sourav-sahana/razer-mobile-pin-verification-bypass-1k-bug-2eb1485796b3
20-03-2020:
https://hackerone.com/reports/604534
https://medium.com/a-bugz-life/the-bugs-are-out-there-hiding-in-plain-sight-12d056613ea3
https://hackersonlineclub.com/command-injection-cheatsheet/
https://github.com/m4ll0k/AWSGen.py
https://medium.com/swlh/proxying-like-a-pro-cccdc177b081
https://github.com/saeeddhqan/Maryam
25-03-2020:
https://hackerone.com/reports/314808
https://medium.com/bugbountywriteup/account-take-over-vulnerability-in-google-acquisition-famebit-e93b1a0a7af9
https://portswigger.net/bappstore/17544cadcec64dcf8ed68df8518592e4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938
http://yasserali.com/hacking-paypal-accounts-with-one-click
https://github.com/thewhiteh4t/finalrecon