Bug Bounty Related [PDF]


 



 



Bug Hunting Notes 



- Mayank Yadav 



@yadavmayank742 



 



 



Platforms:-

❏ HackerOne
❏ Bugcrowd
❏ Synack
❏ Detectify
❏ Cobalt
❏ Open Bug Bounty
❏ Zerocopter
❏ YesWeHack
❏ HackenProof
❏ Vulnerability Lab
❏ FireBounty
❏ Bugbounty.jp
❏ AntiHack
❏ Intigriti
❏ SafeHats
❏ RedStorm
❏ Cyber Army ID
❏ Yogosha






 



#Airbnb:-

https://link.medium.com/eC4n4GTUN3
https://xpoc.pro/oauth-authentication-bypass-on-airbnb-acquisition-using-weird-1-char-open-redirect
https://arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft
https://buer.haus/2017/03/31/airbnb-web-to-app-phone-notification-idor-to-view-everyones-airbnb-messages/
https://buer.haus/2017/03/13/airbnb-ruby-on-rails-string-interpolation-led-to-remote-code-execution/
https://buer.haus/2017/03/09/airbnb-chaining-third-party-open-redirect-into-server-side-request-forgery-ssrf-via-liveperson-chat
https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities



 






 



#XSS:-

https://link.medium.com/j1cgHbZpq3
https://link.medium.com/q9eeokp2J3
https://link.medium.com/5zdO3gPEw3
https://link.medium.com/vwwEcNQEw3
https://link.medium.com/TH0sHaq2J3
https://link.medium.com/njXx6sq2J3
https://victoni.github.io/bug-hunting-xss-on-cookie-popup-warning
https://gauravnarwani.com/cookie-worth-a-fortune
https://link.medium.com/bx6lLPq2J3
https://link.medium.com/3khM76q2J3
https://footstep.ninja/posts/exploiting-self-xss
https://leucosite.com/Edge-Chromium-EoP-RCE
https://jinone.github.io/bugbounty-a-dom-xss
https://link.medium.com/g3MwS6YVK2
https://payatu.com/blog/nikhil-mittal/firefox-ios-qr-code-reader-xss-(cve-2019-17003)
https://link.medium.com/zbFw7qxe92
https://evanricafort.blogspot.com/2019/12/html-injection-to-xss-bypass-in.html
https://hackerinside.me/2019/12/xss-like-pro.html






https://link.medium.com/u8JQ7mdoe3
https://ysamm.com/?p=343






 



 



#SOP bypass:- {Same Origin Policy}

SOP Bypass via browser-cache
https://enumerated.wordpress.com/2019/12/24/sop-bypass-via-browser-cache

Exploiting a Microsoft Edge Vulnerability to Steal Files
https://netsparker.com/blog/web-security/stealing-local-files-with-simple-html-file

Google sites and exploiting same origin policy
https://link.medium.com/RejU1vJyI3
https://thehackerblog.com/reading-your-emails-with-a-readwrite-chrome-extension-same-originpolicy-bypass-8-million-users-affected/index.html






 



#CSRF:-

https://santuysec.com/2020/01/21/google-bug-bounty-csrf-in-learndigital-withgoogle-com
https://link.medium.com/cMm5RBzqH3
https://link.medium.com/Gg2BkPzqH3
https://link.medium.com/vZ6kv6zqH3
https://link.medium.com/NYlc5kcIw3
https://link.medium.com/qE0NmPAqH3
https://link.medium.com/jnPy23AqH3
https://link.medium.com/mDuIOdiWx3
https://noobe.io/articles/2019-10/xss-to-account-takeover
https://smaranchand.com.np/2019/10/an-inconsistent-csrf
link.medium.com/iksNv4eE82
https://link.medium.com/PE19FA9hc3
https://link.medium.com/oLkYeC6x42
https://link.medium.com/vA7NjZ27e3
https://link.medium.com/mEs4Wt37e3
https://smaranchand.com.np/2019/10/an-inconsistent-csrf
https://blog.darabi.me/2019/12/instagram-delete-media-csrf.html
https://rafiem.github.io/bugbounty/tokopedia/site-wide-csrf-graphql






    https://link.medium.com/fiI1MNg8e3 






 



#Password reset flaw:-

https://link.medium.com/OVvYaKLng3
https://link.medium.com/HZpTPtR2F3
https://link.medium.com/bpYhuYR2F3
https://link.medium.com/5PnwoRS2F3
https://link.medium.com/A67jqlT2F3
https://thezerohack.com/hack-instagram-again
https://ninadmathpati.com/how-i-was-able-to-earn-1000-with-just-10-minutes-of-bug-bounty
https://link.medium.com/MgdJoyY2F3
https://link.medium.com/iRVWjs02F3
https://link.medium.com/roeUih12F3






 



#Parameter tampering:-

https://blog.securitybreached.org/2020/01/26/improper-input-validation-add-custom-text-and-urls-in-sms-send-by-snapchat-bug-bounty-poc
https://b3nac.com/posts/2019-09-02-Spear-Texting-Via-Parameter-Injection.html
https://link.medium.com/rkcIUvhuD3
https://link.medium.com/8tXuo2juD3
https://link.medium.com/a6yLwgkuD3
https://blog.avatao.com/How-I-could-steal-your-photos-from-Google
https://link.medium.com/eyxLrykuD3
https://link.medium.com/cgg3NLkuD3
https://link.medium.com/MZP6o1kuD3
https://link.medium.com/ztkAjeluD3






 



#Subdomain Takeover:-

https://link.medium.com/a61eAt5mC3
https://smaranchand.com.np/2019/12/subdomain-takeover-via-pantheon
https://m0chan.github.io/2019/12/16/Subdomain-Takeover-Azure-CDN.html
https://mohamedharon.com/2019/11/subdomain-takeover-via.html
https://mohamedharon.com/2019/09/how-i-able-to-takeover-10-subdomains-in.html
https://blog.usejournal.com/https-medium-com-aniltom-from-sub-domain-takeover-to-open-redirect-b5be4906e1a4
https://blog.takemyhand.xyz/2019/05/escalating-subdomain-takeovers-to-steal.html
https://link.medium.com/VBwF4s6mC3
https://mohamedharon.com/2019/02/subdomain-aws-s3-buckets-reader.html
https://safetydetectives.com/blog/microsoft-outlook






 



#Unrestricted file upload:-

https://link.medium.com/sILCWr8xB3
https://link.medium.com/V8SdaJ8xB3
https://noobe.io/articles/2019-09/exploiting-cookie-based-xss-by-finding-rce
https://link.medium.com/6qTQZwayB3
https://anotherhackerblog.com/exploiting-file-uploads-pt-2
https://link.medium.com/1wFiIWayB3
https://link.medium.com/5rv5CbbyB3
https://mustafakemalcan.com/asus-rce-vulnerability-on-rma-asus-europe-eu
https://link.medium.com/jFGhtvbyB3
https://link.medium.com/fRfag0byB3






 



 



#Paypal:-

https://link.medium.com/IKr9j5QEw3
https://whitehathaji.blogspot.com/2019/07/paypal-bug-10k-all-secondary-users.html
https://link.medium.com/MpeA50gDx3
https://portswigger.net/research/bypassing-csp-with-policy-injection
https://link.medium.com/jDp3WkkDx3
https://link.medium.com/LIW2fGkDx3
https://r00thunt.com/2018/10/05/blind-xml-external-entities-out-of-band-channel-vulnerability-paypal-case-study
https://wesecureapp.com/2018/05/26/persistent-xss-to-steal-passwords-paypal
https://link.medium.com/Ef0m3UmDx3
https://link.medium.com/Mz4S4EoDx3
link.medium.com/fxCdDmwl52
https://link.medium.com/8TCKRFCUg3
https://link.medium.com/wQMOg7Ded3
https://whitehathaji.blogspot.com/2019/07/paypal-bug-10k-all-secondary-users.html
https://link.medium.com/67GX2sHUg3
https://link.medium.com/Z3gCzQHUg3
https://link.medium.com/vxMjqYJUg3
https://r00thunt.com/2018/10/05/blind-xml-external-entities-out-of-band-channel-vulnerability-paypal-case-study






 



#HTML injection:-

https://link.medium.com/v3JTSS7Hw3
https://footstep.ninja/posts/html-injection-in-email
https://link.medium.com/NYlc5kcIw3
https://blog.ripstech.com/2019/wordpress-csrf-to-rce
https://link.medium.com/muvJmWfIw3
https://link.medium.com/CtSNLvWXp3
https://link.medium.com/xBjzJonIw3
https://link.medium.com/dK9FDRlIw3
https://link.medium.com/TIRN1NoIw3
https://link.medium.com/MpQKjzoIw3
footstep.ninja/posts/html-injection-in-email/
https://evanricafort.blogspot.com/2019/12/html-injection-to-xss-bypass-in.html
https://link.medium.com/oLkYeC6x42
https://evanricafort.blogspot.com/2019/07/html-injection-in-clause-email.html
https://link.medium.com/6UDFSD8x42
https://link.medium.com/iOOk5Q8x42
https://link.medium.com/6li2fVyKR2
https://link.medium.com/AjUPS6dy42






 



#XSSI:-

Write-ups

Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty
https://link.medium.com/g3MwS6YVK2

The Bug That Exposed Your PayPal Password
https://link.medium.com/fxCdDmwl52

Yahoo — Two XSSi vulnerabilities
https://link.medium.com/jFkPeGsUv3






 



#HTTP Request Smuggling:-

HTTP Request Smuggling + IDOR
https://hipotermia.pw/bb/http-desync-idor

Account takeover via HTTP Request Smuggling
https://hipotermia.pw/bb/http-desync-account-takeover

HTTP Request Smuggling (CL.TE)
https://memn0ps.github.io/2019/09/13/HTTP-Request-Smuggling-CL-TE.html

Write up of two HTTP Requests Smuggling
https://medium.com/@cc1h2e1/write-up-of-two-http-requests-smuggling-ff211656fe7d






 



 



#SSRF:-

https://ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver
https://link.medium.com/Xbz6t9O2r3
https://link.medium.com/YHLYBsQ2r3
https://link.medium.com/IuBvi3Q2r3
https://link.medium.com/0RczPuR2r3
https://link.medium.com/CRffZUR2r3
https://link.medium.com/h4I5fpS2r3
https://link.medium.com/h3f0yHLEh3
https://link.medium.com/NOYWViSSg3
ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver
https://link.medium.com/yGqiCKIoA2
https://link.medium.com/zxEYgRFOX2
https://geleta.eu/2019/my-first-ssrf-using-dns-rebinfing/
https://jin0ne.blogspot.com/2019/11/bugbounty-simple-ssrf.html
https://jin0ne.blogspot.com/2019/11/bugbounty-simple-ssrf.html
https://link.medium.com/CU6NUXOOX2






 



#Logic flaw:-

https://link.medium.com/5GjfwRMil3
https://link.medium.com/4aLBAQDSq3
https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i
https://link.medium.com/WlQhawESq3
https://link.medium.com/omB5M1ESq3
https://inputzero.io/2019/09/telegram-privacy-fails-again.html
https://link.medium.com/7DHOeFFSq3
https://link.medium.com/7IuhWgGSq3
https://kntx.xyz/Bypassing-Nickname-Feature
https://link.medium.com/s89thfHSq3






 



#Privilege Escalation:-

https://link.medium.com/9EK64aZ0p3
https://link.medium.com/i3r0isZ0p3
https://link.medium.com/RaArwKZ0p3
https://link.medium.com/z3lGkZZ0p3
https://shawarkhan.com/2019/08/leveraging-angularjs-based-xss-to-privilege-escalation.html
https://link.medium.com/C8SKRh00p3
https://whitehatfamilyguy.blogspot.com/2019/06/google-adwordsprivilege-escalation-read.html
https://link.medium.com/SvC3cI00p3
https://gauravnarwani.com/priv-esc-highest-admin






 



#2 FA Bypass:-

https://link.medium.com/hDvuiOXDi3
https://link.medium.com/PE19FA9hc3
https://link.medium.com/o4WG060Di3
https://link.medium.com/Cm21UD1Di3
https://link.medium.com/b95OsX1Di3
https://link.medium.com/EZpU6n5Di3
https://link.medium.com/oSt1JF5Di3
https://link.medium.com/WRFcVX5Di3
https://link.medium.com/QeIuM5yk02
https://gauravnarwani.com/two-factor-authentication-bypass






 



 



#Open redirect:-

https://link.medium.com/zX7RbLvod3
https://link.medium.com/Ilv9X4vod3
https://link.medium.com/9l7R7mwod3
https://link.medium.com/0TM7iFwod3
https://link.medium.com/2ZYUGTwod3
https://blog.usejournal.com/https-medium-com-aniltom-from-sub-domain-takeover-to-open-redirect-b5be4906e1a4
https://burninatorsec.blogspot.com/2019/07/microsoft-id-open-redirect.html
https://xpoc.pro/oauth-authentication-bypass-on-airbnb-acquisition-using-weird-1-char-open-redirect/






 



#IDOR:-

footstep.ninja/posts/idor-via-http
https://footstep.ninja/posts/exploiting-self-xss
https://indoappsec.in/2019/12/airbnb-steal-earning-of-airbnb-hosts-by.html
https://hipotermia.pw/bb/http-desync-idor
https://footstep.ninja/posts/idor-via-websockets
https://link.medium.com/zItpt0Epb3
https://link.medium.com/SSgmMkEpb3
https://link.medium.com/qYX2VpCu92
https://link.medium.com/utfrIQFpb3
https://link.medium.com/kaqyU5Fpb3






 



#SQLi:-

strynx.org/insecure-crypto-code-execution/
https://link.medium.com/wX2VXp7f02
https://rcesecurity.com/2019/09/H1-4420-From-Quiz-to-Admin-Chaining-Two-0-Days-to-Compromise-an-Uber-Wordpress
https://robinverton.de/blog/2019/08/25/bug-bounty-bypassing-a-crappy-waf-to-exploit-a-blind-sql-injection
https://aaronesau.com/blog/posts/5
https://mohamedharon.com/2019/07/sql-injection-in-private-sitecomloginphp.html
https://blog.parthmalhotra.com/pwning-child-company-to-get-access-to-parentcompanys-slack-team
https://noob.ninja/2019/07/exploiting-tricky-blind-sql-injection.html
https://link.medium.com/YwS8vckO22






 



#Facebook (2018):-

● http://whitehatstories.blogspot.com/2018/03/setting-up-tests-for-any-app-or-pixel.html
● http://whitehatstories.blogspot.com/2018/04/hi-this-post-is-regarding-one-of-my.html
● http://whitehatstories.blogspot.com/2018/05/how-i-could-have-made-your-products-out.html
● http://www.askbuddie.com/unauthorized-comments-on-facebook-live-stream/
● https://asad0x01.blogspot.com/2018/03/see-unpublished-job-of-any-page.html
● https://asad0x01.blogspot.com/2018/05/toggling-comment-option-of-post.html
● https://ash-king.co.uk/downloading-any-file-via-facebook-android.html
● https://ash-king.co.uk/facebook-bug-bounty-09-18.html
● https://blog.scrt.ch/2018/08/24/remote-code-execution-on-a-facebook-server/
● https://bugbounty.blog/2018/09/18/facebook-750-reward-for-a-simple-bug/
● https://medium.com/@JubaBaghdad/how-i-was-able-to-delete-any-image-in-facebook-community-question-forum-a03ea516e327
● https://medium.com/@kankrale.rahul/dos-on-facebook-android-app-using-65530-characters-of-zero-width-no-break-space-db41ca8ded89
● https://medium.com/@markchristiandeduyo/misconfiguration-of-demographics-privacy-in-a-page-682feb1179f2
● https://medium.com/@maxpasqua/breaking-appointments-and-job-interview-schedules-with-malformed-times-edef103e46ba
● https://medium.com/@maxpasqua/chaining-two-vulnerabilities-to-break-facebook-appointment-times-for-the-second-time-ac639f8c8773
● https://medium.com/@maxpasqua/stealing-side-channel-attack-tokens-in-facebook-account-switcher-90c5944e3b58
● https://medium.com/@maxpasqua/unremovable-tags-in-facebook-page-reviews-656e095e69aa
● https://medium.com/@ritishkumarsingh/facebook-vulnerability-hiding-from-the-view-ofbusiness-admin-in-the-business-manager-a04515fee9dd
● https://medium.com/@rohitcoder/email-id-phone-number-can-be-exposed-through-business-manager-e79b970ea288
● https://medium.com/@samm0uda/bruteforcing-instagram-accounts-passwords-without-limit-7eaeda606ea
● https://medium.com/@tnirmalz/facebook-bugbounty-disclosing-page-members-1178595cc520
● https://medium.com/@UpdateLap/idor-facebook-malicious-person-add-people-to-the-top-fans-4f1887aad85a






● https://medium.com/@UpdateLap/privileged-escalation-in-facebook-messenger-roomse71cb7275101
● https://medium.com/bugbountywriteup/add-comment-on-a-private-oculus-developer-bug-report-93f35bc80b2c
● https://medium.com/bugbountywriteup/add-description-to-instagram-posts-on-behalf-of-other-users-6500-7d55b4a24c5a
● https://medium.com/bugbountywriteup/bypass-admin-approval-mute-member-and-posting-permissions-for-only-admins-in-facebook-groups-ef476cb3d524
● https://medium.com/bugbountywriteup/creating-test-conversion-using-any-app-8b32ee0a735
● https://medium.com/bugbountywriteup/disclose-private-video-thumbnail-from-facebook-workplace-52b6ec4d73b7
● https://medium.com/bugbountywriteup/disclosure-of-facebook-page-admin-due-to-insecure-tagging-behavior-24ff09de5c29
● https://medium.com/bugbountywriteup/distorted-and-undeletable-posts-in-facebook-group-9424e15f5551
● https://medium.com/bugbountywriteup/how-i-was-able-to-generate-access-tokens-for-any-facebook-user-6b84392d0342
● https://medium.com/bugbountywriteup/make-any-unit-in-facebook-groups-undeletableefb68e26adb9
● https://philippeharewood.com/access-to-fbconnections/
● https://philippeharewood.com/application-secret-embedded-in-login-flow-for-facebookswag-store/
● https://philippeharewood.com/change-the-background-of-3d-posts-for-any-facebook-user/
● https://philippeharewood.com/create-learning-units-for-any-group/
● https://philippeharewood.com/determine-members-in-a-closed-facebook-group/
● https://philippeharewood.com/disclose-facebook-page-admins-in-3d/
● https://philippeharewood.com/disclose-page-admins-via-facebook-camera-effects/
● https://philippeharewood.com/disclose-page-admins-via-gaming-dashboard-bans/
● https://philippeharewood.com/disclose-page-admins-via-job-source-recruiter-requests/
● https://philippeharewood.com/disclose-page-admins-via-our-story-feature/
● https://philippeharewood.com/disclose-page-admins-via-watch-parties-in-a-facebook-group/
● https://philippeharewood.com/facebook-business-takeover/
● https://philippeharewood.com/path-disclosure-in-instagram-ads-graphql/
● https://philippeharewood.com/send-payment-invoices-as-any-facebook-page/






● https://philippeharewood.com/unintended-control-over-the-email-body-in-partner-integration-email-instructions/
● https://philippeharewood.com/view-facebook-friends-for-any-user/
● https://philippeharewood.com/view-private-instagram-photos/
● https://philippeharewood.com/view-the-bug-subscriptions-for-any-oculus-user/
● https://philippeharewood.com/view-the-email-subscriptions-for-any-oculus-user/
● https://philippeharewood.com/view-the-facebook-stories-for-any-media-effect/
● https://philippeharewood.com/view-the-vr-experiences-for-any-oculus-user/
● https://rpadovani.com/facebook-responsible-disclosure
● https://wongmjane.com/post/disclose-fb-intern-server-info-with-a-strange-poll/
● https://wongmjane.com/post/reveal-fb-employee-behind-funfact/
● https://wongmjane.com/post/view-insights-for-any-fb-marketplace-product/
● https://www.amolbaikar.com/xss-on-facebook-instagram-cdn-server-bypassing-signature-protection/
● https://www.amolbaikar.com/xss-on-facebooks-acquisition-oculus-cdn/
● https://www.facebook.com/notes/kinghackx/improper-permissions-when-posting-stories-in-facebook-group/143172329851275
● https://www.facebook.com/notes/kinghackx/prevent-group-admin-from-seeing-storieswithin-the-group/143174459851062
● https://www.stueotue.xyz/2018/05/create-undeletable-post-in-groupevent.html
● https://www.stueotue.xyz/2018/10/disclose-facebook-learning-unit-group.html
● https://www.youtube.com/watch?v=EXNchVewMF0
● https://www.youtube.com/watch?v=H0aQPcuskMo
● https://www.youtube.com/watch?v=ic-R8jtRoME
● https://www.youtube.com/watch?v=N_i8sPlbtZs
● https://www.youtube.com/watch?v=Y5BUqdY_M1M






 



#Facebook (2017):-

● http://asad0x01.blogspot.com/2017/05/facebook-bug-bountycommenting-on-non.html
● http://asad0x01.blogspot.com/2017/05/facebook-buggetting-other-users-ip.html
● http://asad0x01.blogspot.com/2017/10/facebook-bug-bounty-view-game-scores-of-anyuser.html
● http://whitehatstories.blogspot.com/2017/05/oauth-token-validation-bug-in-facebook.html
● http://whitehatstories.blogspot.com/2017/09/how-i-could-have-crashed-page-role.html
● http://whitehatstories.blogspot.com/2018/01/how-i-could-have-hacked-facebook.html
● https://blog.darabi.me/2017/11/image-removal-vulnerability-in-facebook.html
● https://medium.com/@joshuaregio/enable-comment-mirroring-as-an-analyst-2c226f367c47
● https://medium.com/@joshuaregio/modifying-any-ad-space-and-placement-e22c7cec050f
● https://medium.com/@joshuaregio/using-app-ads-helper-as-an-analytic-user-e751fcf9c594
● https://medium.com/@lokeshdlk77/bypass-oauth-nonce-and-steal-oculus-response-code-faa9cc8d0d37
● https://medium.com/@lokeshdlk77/stealing-facebook-mailchimp-application-oauth-2-0access-token-3af51f89f5b0
● https://medium.com/@maxpasqua/adding-any-user-to-facebook-rooms-5cde1692c809
● https://medium.com/@maxpasqua/privileged-de-escalation-in-facebook-ads-manager-28aa42300318
● https://medium.com/@maxpasqua/vertical-privileged-escalation-in-facebook-rooms-11766502c911
● https://medium.com/@maxpasqua/xss-in-facebook-cdn-through-ar-studio-effects-6d3a670aa7fe
● https://medium.com/@maxpasqua/xss-in-oculus-rifts-cdn-f5bac5ec7b9c
● https://medium.com/@samm0uda/a-misconfiguration-in-techprep-fb-com-rest-api-allowed-me-to-modify-any-user-profile-9dd0ff99d757
● https://medium.com/@samm0uda/how-i-was-able-to-upload-files-to-api-techprep-fb-com-74308ff767b
● https://medium.com/@vishnu0002/instagram-multi-factor-authentication-bypass-924d963325a1
● https://medium.com/@zahidali_93675/cross-site-request-forgery-in-facebook-86087201d8c






● https://medium.com/@zahidali_93675/posting-on-groups-as-people-whenever-their-email-was-known-by-an-attacker-9dc8d7baf970
● https://medium.com/@zk34911/facebook-bug-bounty-how-i-was-able-to-enumerate-instagram-accounts-who-had-enabled-2fa-two-step-fddba9e9741c
● https://medium.com/bugbountywriteup/whatsapp-dos-vulnerability-in-ios-android-d896f76d3253
● https://medium.freecodecamp.org/hacking-tinder-accounts-using-facebook-accountkitd5cc813340d1
● https://omespino.com/facebook-bug-bounty-getting-access-to-prompt-debug-dialog-and-serialized-tool-on-main-website-facebook-com/
● https://opnsec.com/2018/03/stored-xss-on-facebook/
● https://pagefault.me/2017/01/12/fb-open-redirect/
● https://philippeharewood.com/a-walk-in-the-workplace/
● https://philippeharewood.com/change-trust-project-credibility-indicators-as-an-analyst/
● https://philippeharewood.com/de-anonymizing-facebook-ads/
● https://philippeharewood.com/delete-a-hotel-object-from-a-facebook-product-catalog-using-public_profile-permission/
● https://philippeharewood.com/determine-a-user-from-a-private-phone-number/
● https://philippeharewood.com/disclose-users-with-roles-on-facebook-pages/
● https://philippeharewood.com/facebook-ad-spend-details-leaking-for-facebook-marketing-partners/
● https://philippeharewood.com/facebook-graphql-csrf/
● https://philippeharewood.com/facebook-stories-disclose-facebook-friend-list/
● https://philippeharewood.com/find-instagram-contacts-for-any-user-on-facebook/
● https://philippeharewood.com/find-mingle-suggestions-for-any-facebook-user-revisited/
● https://philippeharewood.com/find-mingle-suggestions-for-any-facebook-user/
● https://philippeharewood.com/make-recruiting-referrals-on-behalf-of-facebook/
● https://philippeharewood.com/order-facebook-friends-by-facebook-recruiting-technicalcoefficient/
● https://philippeharewood.com/posting-gifs-as-anyone-on-facebook/
● https://philippeharewood.com/searching-internal-gatekeeper-constants/
● https://philippeharewood.com/see-if-any-facebook-user-is-marked-in-a-crisis/
● https://philippeharewood.com/view-former-members-of-a-facebook-group/
● https://philippeharewood.com/view-instant-articles-traffic-lift-for-any-page/
● https://philippeharewood.com/view-saved-offers-of-another-user/
● https://philippeharewood.com/view-the-ads-retention-curve-completion-rate-for-any-adaccount/






● https://philippeharewood.com/view-the-assigned-roles-and-emails-of-an-instagram-account/
● https://philippeharewood.com/view-the-job-applications-of-a-page-as-an-analyst/
● https://philippeharewood.com/view-the-owned-test-users-for-facebook-employees/
● https://stephensclafani.com/2017/03/21/stealing-messenger-com-login-nonces/
● https://twitter.com/0x01alka/status/826520689595265026
● https://w00troot.blogspot.com/2017/12/how-i-found-ssrf-on-thefacebookcom.html
● https://www.amolbaikar.com/facebook-source-code-disclosure-in-ads-api/
● https://www.facebook.com/DynamicW0rld/videos/537437603273104/
● https://www.josipfranjkovic.com/blog/facebook-friendlist-paymentcard-leak
● https://www.josipfranjkovic.com/blog/facebook-partners-portal-account-takeover
● https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf
● https://www.seekurity.com/blog/general/business-logic-vulnerabilities-series-a-story-ofa-4-years-old-and-counting-facebook-security-bug/
● https://www.seekurity.com/blog/general/business-logic-vulnerabilities-series-how-i-became-invisible-and-immune-to-blocking-on-instagram/
● https://www.wired.com/story/facebook-bug-could-let-advertisers-see-your-phone-number/
● https://www.youtube.com/watch?v=3KwGmKucayg
● https://www.youtube.com/watch?v=DvNHjh0EJNs
● https://www.youtube.com/watch?v=M6oVdgFZqf0
● https://www.youtube.com/watch?v=b85Q8lakfTw



  



 






 



#Yahoo!:-

link.medium.com/e6k3e4ria3
https://omespino.com/write-up-lovestory-from-closed-as-informative-to-xx00-usd-in-yahoo-ios-mail-app
https://link.medium.com/FkU7hCsia3
https://link.medium.com/hPxOyMsia3
https://sites.google.com/securifyinc.com/secblogs/yahoo-luminate-rce
https://link.medium.com/GfuvDkCia3
https://link.medium.com/gRCKuMCia3
https://link.medium.com/5ciC88Cia3
https://link.medium.com/R2CyBEDia3






 



#Google:-

link.medium.com/EJHodzt852
https://link.medium.com/1aLUHft852
https://hackerfactor.com/blog/index.php?/archives/862-reCAPTCHA-Exploits.html
https://ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver
https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction
https://blog.redteam.pl/2019/12/chrome-portal-element-fuzzing.html
https://terjanq.github.io/Bug-Bounty/Google/cache-attack-06jd2d2mz2r0/index.html
https://link.medium.com/08rPn8Q852






 



#MISC [0]:-

A curated list of amazingly awesome OSINT
https://github.com/jivoi/awesome-osint

Web-Security-Learning
https://github.com/CHYbeta/Web-Security-Learning

Semi-automatic OSINT framework
https://github.com/kpcyrd/sn0int

Information security Tools Box
https://github.com/tengzhangchao/Sec-Box

How we broke PHP, hacked Pornhub and earned $20,000
https://evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/

How spending our Saturday hacking earned us €20.000
https://medium.com/@matti.bijnens/how-spending-our-saturday-hacking-earned-us-20k-60990c4678d4

Unrestricted File Upload to RCE | Bug Bounty POC
https://blog.securitybreached.org/2017/12/19/unrestricted-file-upload-to-rce-bug-bounty-poc/

Don't Trust the Host Header for Sending Password Reset Emails
https://lightningsecurity.io/blog/host-header-injection/

HOW I WAS ABLE TO TAKEOVER FACEBOOK ACCOUNT | Bug Bounty Poc
https://blog.securitybreached.org/2017/12/10/how-i-was-able-to-takeover-facebook-account-bug-bounty-poc/

Unrestricted File Upload by @JonathanBouman
https://link.medium.com/4vl8XTPVW2






 



#MISC [1]:-

3 XSS in ProtonMail for iOS by @vladimir_metnew
https://link.medium.com/E7Qiu6ia12

Magic XSS with two parameters by @m4shahab1
https://link.medium.com/kJDUMcna12
https://link.medium.com/UnnumPqa12

Exposed Jenkins to RCE on 8 Adobe Experience Managers
https://corben.io/jenkins-to-full-pwnage

Two Easy RCE in Atlassian Products
https://link.medium.com/JMQ7wX7Lc3

How I found RCE But Got Duplicated
https://link.medium.com/joFUVW8Lc3

RCE with Flask Jinja Template Injection
https://link.medium.com/tbUy9Xo702

5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)
https://link.medium.com/ziEBCp0F92

[Writeup — FB] Crash web — app through application form of job application page
https://link.medium.com/q5ENh4buZ2

Hunting Good Bugs with only by @knowledge_2014
https://link.medium.com/oTrMsKEM72

Blind SQL Injection without an ‘in’ by Terjang
https://link.medium.com/EI6X2QMX32






 



#MISC [2]:-

Payment Gateway Bypass of Zostel: India’s Biggest Hostel Chain
https://medium.com/bugbountywriteup/payment-gateway-bypass-of-zostel-indias-biggest-hostel-chain-81c407454f0a

“CSRF Token Bypasss — A Tale of my $2k bug” by Adeyefa Oluwatoba
https://link.medium.com/OkSpfNMtF2

“From broken link to sub folder takeover on Bukalapak” by wis4nggeni
https://link.medium.com/NjQ3ylPtF2

“2 FA Bypass via CSRF Attack” by Vishal Bharad
https://link.medium.com/51HpgvRtF2






 



#Resources:-

Bug Bounty & Disclosure Programs and Write-ups
https://github.com/djadmin/awesome-bug-bounty

Awesome lists for hackers, pentesters and security researchers
https://github.com/Hack-with-Github/Awesome-Hacking

Awesome Python frameworks, libraries, software and resources
https://github.com/vinta/awesome-python






 



#Reports [P0 and P1]:-

https://hackerone.com/reports/534450
https://hackerone.com/reports/737169
https://hackerone.com/reports/541169
https://hackerone.com/reports/506646
https://hackerone.com/reports/510152
https://hackerone.com/reports/544928
https://hackerone.com/reports/500515
https://hackerone.com/reports/724889
https://hackerone.com/reports/736863


