Bug Bounty Hunting

  1. Web Application Vulnerabilities
    1. Injection Vulnerabilities
      1. SQL Injection
        1. In-Band SQL Injection
          1. Error-Based Injection
          2. Union-Based Injection
        2. Boolean-Based Blind Injection
        3. Time-Based Blind SQL Injection
          1. Delay Techniques
          2. Response Time Analysis
        4. Out-of-Band SQL Injection
          1. DNS Exfiltration
          2. HTTP Requests
        5. Database-Specific Techniques
          1. MySQL Injection
          2. PostgreSQL Injection
          3. MSSQL Injection
          4. Oracle Injection
      2. NoSQL Injection
        1. MongoDB Injection
          1. Authentication Bypass
          2. Data Extraction
        2. CouchDB Injection
        3. Redis Injection
      3. Command Injection
        1. OS Command Injection
          1. Direct Command Execution
          2. Command Chaining
        2. Blind Command Injection
          1. Time-Based Detection
          2. Out-of-Band Detection
      4. LDAP Injection
        1. Authentication Bypass
        2. Information Disclosure
      5. XPath Injection
        1. XML Data Extraction
        2. Authentication Bypass
    2. Cross-Site Scripting (XSS)
      1. Reflected XSS
        1. URL Parameter Injection
        2. Form Input Injection
        3. HTTP Header Injection
      2. Stored XSS
        1. Database Storage
        2. File System Storage
        3. Log File Injection
      3. DOM-Based XSS
        1. Client-Side Vulnerabilities
        2. JavaScript Sink Analysis
      4. XSS Filter Bypass
        1. Encoding Techniques
        2. Polyglot Payloads
        3. Context-Specific Bypasses
    3. Authentication and Session Vulnerabilities
      1. Broken Authentication
        1. Credential Stuffing
        2. Password Spraying
        3. Brute Force Attacks
      2. Session Management Flaws
        1. Session Fixation
        2. Session Hijacking
        3. Insecure Session Storage
      3. Multi-Factor Authentication Bypass
        1. SMS Interception
        2. TOTP Manipulation
        3. Backup Code Abuse
      4. JWT Vulnerabilities
        1. Algorithm Confusion
        2. Key Confusion
        3. Token Manipulation
        4. Signature Bypass
    4. Access Control Vulnerabilities
      1. Broken Access Control
        1. Vertical Privilege Escalation
        2. Horizontal Privilege Escalation
        3. Function-Level Access Control
      2. Insecure Direct Object References
        1. Numeric IDOR
        2. GUID IDOR
        3. Encoded IDOR
      3. Path Traversal
        1. Directory Traversal
        2. File Inclusion Vulnerabilities
          1. Local File Inclusion
          2. Remote File Inclusion
      4. Missing Authorization
        1. Administrative Function Access
        2. API Endpoint Access
    5. Security Misconfiguration
      1. Default Configurations
        1. Default Credentials
        2. Default Settings
      2. Information Disclosure
        1. Verbose Error Messages
        2. Debug Information
        3. Source Code Exposure
      3. Unprotected Resources
        1. Administrative Interfaces
        2. Configuration Files
        3. Backup Files
      4. Cloud Storage Misconfigurations
        1. AWS S3 Bucket Permissions
        2. Azure Blob Storage
        3. Google Cloud Storage
    6. Cross-Site Request Forgery (CSRF)
      1. GET-Based CSRF
      2. POST-Based CSRF
      3. CSRF Token Bypass
    7. Server-Side Request Forgery (SSRF)
      1. Internal Network Access
      2. Cloud Metadata Access
      3. Port Scanning via SSRF
      4. Protocol Smuggling
    8. Deserialization Vulnerabilities
      1. Insecure Deserialization
        1. Remote Code Execution
        2. Object Injection
      2. Language-Specific Issues
        1. Java Deserialization
        2. PHP Object Injection
        3. Python Pickle Vulnerabilities
    9. Business Logic Vulnerabilities
      1. Race Conditions
        1. Time-of-Check Time-of-Use
        2. Concurrent Request Handling
      2. Price Manipulation
        1. Negative Values
        2. Integer Overflow
      3. Workflow Bypass
        1. Step Skipping
        2. State Manipulation
      4. Rate Limiting Bypass
        1. IP Rotation
        2. Header Manipulation