Resources-for-Beginner-Bug-Bounty-Hunters

Vulnerabilities 💉

This page is created to help hackers understand a specific vulnerability type in details. If you would like to read blog posts and see example vulnerability, please read the blog posts page

Online Resources

• Owasp Top 10
• OWASP Testing Guide v4
• Bug Bounty Cheat Sheets - by EdOverflow

Cross-Site Scripting (XSS)

As we start to build this repository, we'll be adding more vulnerability types and resources for each one. XSS is a great place to start as it's one of the most popular and easiest vulnerabilities to find in a web application.

• Hacker101
• OWASP XSS
• A comprehensive tutorial on cross-site scripting
• Google Application Security (XSS Guide)
• What is PHP and why is XSS so common there? - by LiveOverflow
• Finding Your First Bug: Cross Site Scripting (XSS) - by InsiderPhD
• The 7 main XSS cases everyone should know - brutelogic
• Cross-Site Scripting (XSS) Explained - by PwnFunction

Cross-Site Request Forgery (CSRF)

• Cross-Site Request Forgery Attack - by PwnFunction
• CSRF-Basics - by Princethilak
• Finding Your First Bug: Cross-Site Request Forgery - by Insider PhD

XML External Entities (XXE)

• XML External Entities ft. JohnHammond - by PwnFunction

Insecure Direct Object Reference (IDOR)

• Insecure Direct Object Reference Vulnerability - by PwnFunction
• Finding Your First Bug: Manual IDOR Hunting - by Insider PhD
• Burp Suite tutorial: IDOR vulnerability automation using Autorize and AutoRepeater (bug bounty) - by STÖK & Fisher

Open Redirect

• Open Redirect Vulnerability - by PwnFunction

HTTP Parameter Pollution

• HTTP Parameter Pollution Attacks - by PwnFunction

Logic Errors

• Finding Your First Bug: Business Logic Errors - by InsiderPhD

Remote Code Execution

• Finding Your First Bug: Goal Setting / Remote Code Execution (RCE) - by InsiderPhD

back to Intro Page