Bug Bounty Reference

Cross-Site Scripting (XSS)

Brute Force

SQL Injection

Stealing Access Token

Google oauth bypass

CSRF

Remote Code Execution

Deserialization

- Java Deserialization in manager.paypal.com by Michael Stepankin
- Instagram's Million Dollar Bug by Wesley Wineberg
- Ruby Cookie Deserialization RCE on facebooksearch.algolia.com by Michiel Prins (michiel)
- Java deserialization by meals

Image Tragick

- Exploiting ImageMagick to get RCE on Polyvore (Yahoo Acquisition) by NaHamSec
- Exploiting ImageMagick to get RCE on HackerOne by c666a323be94d57
- Trello bug bounty: Access server's files using ImageTragick by Florian Courtial
- 40k fb rce
- Yahoo Bleed 1
- Yahoo Bleed 2

Direct Object Reference (IDOR)

XXE

Unrestricted File Upload

Server Side Request Forgery (SSRF)

Race Condition

Business Logic Flaw

Authentication Bypass

HTTP Header Injection

Subdomain Takeover

XSSI

Money Stealing

2017 Local File Inclusion

Miscellaneous