This repository contains references to all the relevant reports w.r.t Owasp Top 10 vulnerabilities and many more.
Each attack and report will be provided a use case against which it'll be applicable to save time for viewers.
Key:
π: Description
π: A basic IDOR in zomato application which the attacker could use to view saved paymed info of other users through id manipulation.
π: A basic IDOR on an API endpoint which the attacker can use to extract PII through id manipulation and the author used automation script to develop an interesting POC.
π: An interesting case of IDOR, that used timestamp (which can be manipulated) as the second source of validation but failed to validate authorization token, thus, leading to account takeover.
π: A basic IDOR on an API endpoint through method manipulation.
π: A simple case of IDOR throuh UUID manipulation. The API endpoint was retrieved through a hidden JS file using an interesting recon methodology.
π: A simple case, where a user who is admin is downgraded from the role but still has the rights to perform user deletion.
π: A couple of simple BAC vulnerabilities on API endpoints, one was the token still being active even after the user's removal. Second was request parameter manipulation when generating the token for additional rights.
π: A basic case of IDOR where when the JWT token was removed, the API was giving all the user's data.
π:
π: A simple case of IDOR to retrieve background ID and then exploit broken access control to view reports. The enumeration in this report is good.
π: Interesting case of extracting sensitive info through GraphQL for IDOR.
π:
https://medium.com/@mahdisalhi0500/finding-my-first-bug-the-power-of-understanding-website-logic-%EF%B8%8F-4197dd08cf29
https://medium.com/@rawansa3ed2002/race-condition-exploit-enables-free-plan-users-to-access-premium-features-9619d0fa0a53
https://siratsami71.medium.com/1500-worth-slack-vulnerability-bypass-invite-accept-process-8204e5431d52
π: A basic case of bruteforcing credentials. Tedious (because of recon and then individually attacking each subdomain) but rewarding task.
π: OTP bypass via response manipulation.
π: A simple case of broken JWT mechanism where using the JSON Web Tokens extension in Burp, the attacker could change the uid of the user to bump their role to admin.
π: A simple case of parameter manipulation in response to bump the user's role to admin.
π: A case of improperly implemented Google Oauth in an app, that could be leveraged to generate login link for any email id.
π: A simple case of password reset token working in the case of other emails as well due to which attacker is successfully able to change the password of the victim.
π: A very interesting case of emailing the victim through automated email in Figma and signing them up.
π: A simple case of change victim's password through forgot password link where the token wasn't verifying.
π: A simple case of oauth bypass where if the email is signed up manually, it'll log you in through Oauth as well.
π: A simple yet interesting case of Email Verification bypass where CSRF token and Session ID were used.
https://medium.com/@cvjvqmmsm/easy-bug-how-i-uncovered-and-re-exploited-a-resolved-vulnerability-from-a-disclosed-report-ab2211a98b7b
https://0d-amr.medium.com/account-takeover-how-i-gained-access-to-any-user-account-through-a-simple-registration-flaw-96f9f6bdc0ae
https://medium.com/@mrcix/bypass-of-username-policy-breaking-the-rules-with-a-simple-trick-fcf7ce97925c
https://1-day.medium.com/an-idor-and-auth-bypass-that-led-to-mass-account-takeover-ksfe-db04cec8d730
https://freedium.cfd/https://medium.com/@sharp488/critical-account-takeover-mfa-auth-bypass-due-to-cookie-misconfiguration-3ca7d1672f9d
π: An interesting XSS case where payload is injected through declaration of a variable.
π: A stored XSS was found of bing when uploading a video on it. The most interesting part was, a simple <script> tag was used to trigger the payload.
π: An interesting case of character whitelist bypass to achieve RXSS.
π:
π:
π:
https://cybersecuritywriteups.com/how-an-html-injection-vulnerability-in-samsung-emails-led-to-a-payday-3dcfccc12a36
https://medium.com/@0xw01f/they-ignored-my-bug-report-but-fixed-it-silently-my-experience-with-enhancv-a8ffe5e3e790
https://cyb3rc4t.medium.com/stored-xss-privilege-escalation-in-profile-field-private-program-2bdde55e34b2
π: An
π: An
π: An
https://medium.com/@iPsalmy/exploiting-csrf-and-otp-reuse-how-weak-token-management-enables-password-reset-attacks-leading-to-c2f6b914f398
π: An
π: A simple case of Information Disclosure through google dorks.
π: A simple case of API Key disclosure but interesting case of privelege escalation through recon.
https://sushantdhopat.medium.com/i-just-doing-recon-on-bugcrowd-public-program-and-was-trying-to-find-an-information-disclosure-on-99939e92732d
https://freedium.cfd/https://infosecwriteups.com/how-i-earned-650-using-just-recon-a-bug-hunters-success-story-4d78788e46a5
https://cybersecuritywriteups.com/unveiling-a-critical-bug-in-one-of-the-worlds-largest-banks-my-barclays-story-34a9fb5f5140
https://infosecwriteups.com/how-sensitive-information-disclosure-can-lead-to-account-takeover-vulnerabilities-4d18d2a3711d
https://infosecwriteups.com/critical-security-findings-at-the-university-of-cambridge-a-methodology-for-detecting-exposed-02df63976710
https://medium.com/@coyemerald/how-i-found-a-critical-p1-bug-in-one-of-googles-products-with-google-1c11352eba6f
https://freedium.cfd/https://medium.com/@alishoaib5929/bug-bounty-series-found-an-api-key-by-just-running-simple-tool-c308a3a89ad8
https://medium.com/@kirtanpatel9111998/how-i-was-able-to-find-easy-p1-just-by-doing-recon-fdef0c689362
https://infosecwriteups.com/from-recon-via-censys-and-dnsdumpster-to-getting-p1-by-login-using-weak-password-password-504e617956ce
π: In this Defcon talk by Lupin, he discusses multiple types of DOS from easy to complex exploits.
π: A simple case of D.C where an npm package was found in recon that was claimable. The POC is easy to understand.
π:
π: An interesting case of Template injection in zendesk in the subject body of the form.
π: A simple case of Command Injection via File Upload.
π:
https://c0nqr0r.medium.com/error-based-sql-injection-with-waf-bypass-manual-exploit-100-bab36b769005
https://infosecwriteups.com/how-i-leveraged-html-injection-to-create-an-account-using-someone-elses-email-b80f83ab9465
https://medium.com/@pawarpushpak36/bug-bounty-chronicles-exploiting-the-put-method-for-remote-code-execution-rce-c2782bea61da
https://freedium.cfd/https://th3m4rk5man.medium.com/bypassed-an-admin-panel-using-sql-payloads-37529331aa1c
π: A simple case of subdomain takeover of the domain discovered through recon.
π: A simple case of subdomain takeover with interesting recon.
π: ATO via open redirect. The recon is simple and effective.
π: A simple case of Race Condition through executing multiple requests at the same time.
https://medium.com/@Nightblood/a-beautiful-bug-interesting-url-scheme-bypass-race-condition-61109771a250
π: