    assets/blogposts.md
    skipped 15 lines
    16 16  - [HTTP Desync](#HTTP-Desync)
    17 17  - [File Upload](#File-Upload)
    18 18  - [Automation](#Automation)
     19 +- [Buffer Overflow](#Buffer-Overflow)
     20 +- [IDOR](#IDOR)
    19 21  - [Misc](#Misc)
    20 22  ## XSS
    21 23  You can find a ton of awesome XSS reports by searching through the HackerOne Hacktivity Page (https://hackerone.com/hacktivity?querystring=XSS). Here are some more complex and some of my favorite XSS related blog posts:
    skipped 1 lines
    23 25  - [XSS on Google Search - Sanitizing HTML in The Client?](https://www.youtube.com/watch?v=lG7U3fuNw3A) - by LiveOverflow
    24 26   - [The Fix](https://github.com/google/closure-library/commit/c79ab48e8e962fee57e68739c00e16b9934c0ffa)
    25 27  - [Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program](https://samcurry.net/cracking-my-windshield-and-earning-10000-on-the-tesla-bug-bounty-program/) - by [Sam Curry](https://twitter.com/samwcyo)
     28 +- [Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty](https://medium.com/bugbountywriteup/effortlessly-finding-cross-site-script-inclusion-xssi-jsonp-for-bug-bounty-38ae0b9e5c8a) - by [@th3_hidd3n_mist](https://twitter.com/th3_hidd3n_mist)
     29 +- [Microsoft Edge (Chromium) - EoP via XSS to Potential RCE](https://leucosite.com/Edge-Chromium-EoP-RCE/) - by [@Qab](https://twitter.com/qab)
    26 30  ### DOM XSS
    27 31  - https://hackerone.com/reports/297968
    28 32  - https://hackerone.com/reports/168165
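Review bot: the XSSI/JSONP entry added at line 28 is a different bug class from XSS (cross-site script inclusion leaks data through script loading rather than injecting script into a page), so it would fit better under its own heading or under "Misc" than in the "XSS" section; the Edge EoP entry at line 29 is an XSS chain and belongs here.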
    skipped 50 lines
    79 83   
    80 84  ## Buffer Overflow
    81 85  - [Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty](https://samcurry.net/filling-in-the-blanks-exploiting-null-byte-buffer-overflow-for-a-40000-bounty/) - by [Sam Curry](https://twitter.com/samwcyo)
     86 + 
     87 +## IDOR
     88 +- [Steal Earning of Airbnb hosts by Adding Bank Account/Payment Method](https://www.indoappsec.in/2019/12/airbnb-steal-earning-of-airbnb-hosts-by.html) - by [Vijay Kumar ](https://twitter.com/IndoAppSec)
     89 +- [GraphQL IDOR leads to information disclosure](https://medium.com/@R0X4R/graphql-idor-leads-to-information-disclosure-175eb560170d) - by [@R0X4R](https://twitter.com/R0X4R)
    82 90   
    83 91  ## Misc
    84 92  - [Writing a Simple Buffer Overflow Exploit](https://www.youtube.com/watch?v=oS2O75H57qU) - by LiveOverflow
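Review bot: the link text on the first IDOR entry, `[Vijay Kumar ](https://twitter.com/IndoAppSec)`, carries a trailing space before the closing bracket; the other entries in this file have none, so drop it. Also, now that a "Buffer Overflow" section exists at line 84, the "Writing a Simple Buffer Overflow Exploit" item still listed under "Misc" at line 92 could move there so the new section is not a single entry.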
    skipped 6 lines