Bug Hunting Notes
- Mayank Yadav
@yadavmayank742
Platforms:- ❏HackerOne ❏Bugcrowd ❏Synack ❏Detectify ❏Cobalt ❏Open Bug Bounty ❏Zerocopter ❏YesWeHack ❏HackenProof ❏Vulnerability Lab ❏FireBounty ❏Bugbounty.jp ❏AntiHack ❏Intigriti ❏SafeHats ❏RedStorm ❏Cyber Army ID ❏Yogosha
#Airbnb:- https://link.medium.com/eC4n4GTUN3 https://xpoc.pro/oauth-authentication-bypass-on-airbnb-acquisition-using-weird-1-char-open-redirect https://arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft https://buer.haus/2017/03/31/airbnb-web-to-app-phone-notification-idor-to-view-everyones-airbnb-messages/ https://buer.haus/2017/03/13/airbnb-ruby-on-rails-string-interpolation-led-to-remote-code-execution/ https://buer.haus/2017/03/09/airbnb-chaining-third-party-open-redirect-into-server-side-request-forgery-ssrf-via-liveperson-chat https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities
#XSS:- https://link.medium.com/j1cgHbZpq3 https://link.medium.com/q9eeokp2J3 https://link.medium.com/5zdO3gPEw3 https://link.medium.com/vwwEcNQEw3 https://link.medium.com/TH0sHaq2J3 https://link.medium.com/njXx6sq2J3 https://victoni.github.io/bug-hunting-xss-on-cookie-popup-warning https://gauravnarwani.com/cookie-worth-a-fortune https://link.medium.com/bx6lLPq2J3 https://link.medium.com/3khM76q2J3 https://footstep.ninja/posts/exploiting-self-xss https://leucosite.com/Edge-Chromium-EoP-RCE https://jinone.github.io/bugbounty-a-dom-xss https://link.medium.com/g3MwS6YVK2 https://payatu.com/blog/nikhil-mittal/firefox-ios-qr-code-reader-xss-(cve-2019-17003) https://link.medium.com/zbFw7qxe92 https://evanricafort.blogspot.com/2019/12/html-injection-to-xss-bypass-in.html https://hackerinside.me/2019/12/xss-like-pro.html
https://link.medium.com/u8JQ7mdoe3 https://ysamm.com/?p=343
#SOP bypass:-
{Same Origin Policy}
SOP Bypass via browser-cache https://enumerated.wordpress.com/2019/12/24/sop-bypass-via-browser-cache Exploiting a Microsoft Edge Vulnerability to Steal Files https://netsparker.com/blog/web-security/stealing-local-files-with-simple-html-file Google sites and exploiting same origin policy https://link.medium.com/RejU1vJyI3 https://thehackerblog.com/reading-your-emails-with-a-readwrite-chrome-extension-same-originpolicy-bypass-8-million-users-affected/index.html
#CSRF:- https://santuysec.com/2020/01/21/google-bug-bounty-csrf-in-learndigital-withgoogle-com https://link.medium.com/cMm5RBzqH3 https://link.medium.com/Gg2BkPzqH3 https://link.medium.com/vZ6kv6zqH3 https://link.medium.com/NYlc5kcIw3 https://link.medium.com/qE0NmPAqH3 https://link.medium.com/jnPy23AqH3 https://link.medium.com/mDuIOdiWx3 https://noobe.io/articles/2019-10/xss-to-account-takeover https://smaranchand.com.np/2019/10/an-inconsistent-csrf link.medium.com/iksNv4eE82 https://link.medium.com/PE19FA9hc3 https://link.medium.com/oLkYeC6x42 https://link.medium.com/vA7NjZ27e3 https://link.medium.com/mEs4Wt37e3 https://smaranchand.com.np/2019/10/an-inconsistent-csrf https://blog.darabi.me/2019/12/instagram-delete-media-csrf.html https://rafiem.github.io/bugbounty/tokopedia/site-wide-csrf-graphql
https://link.medium.com/fiI1MNg8e3
#Password reset flaw:- https://link.medium.com/OVvYaKLng3 https://link.medium.com/HZpTPtR2F3 https://link.medium.com/bpYhuYR2F3 https://link.medium.com/5PnwoRS2F3 https://link.medium.com/A67jqlT2F3 https://thezerohack.com/hack-instagram-again https://ninadmathpati.com/how-i-was-able-to-earn-1000-with-just-10-minutes-of-bug-bounty https://link.medium.com/MgdJoyY2F3 https://link.medium.com/iRVWjs02F3 https://link.medium.com/roeUih12F3
#Parameter tampering:- https://blog.securitybreached.org/2020/01/26/improper-input-validation-add-custom-text-and-urls-in-sms-send-by-snapchat-bug-bounty-poc https://b3nac.com/posts/2019-09-02-Spear-Texting-Via-Parameter-Injection.html https://link.medium.com/rkcIUvhuD3 https://link.medium.com/8tXuo2juD3 https://link.medium.com/a6yLwgkuD3 https://blog.avatao.com/How-I-could-steal-your-photos-from-Google https://link.medium.com/eyxLrykuD3 https://link.medium.com/cgg3NLkuD3 https://link.medium.com/MZP6o1kuD3 https://link.medium.com/ztkAjeluD3
#Subdomain Takeover:- https://link.medium.com/a61eAt5mC3 https://smaranchand.com.np/2019/12/subdomain-takeover-via-pantheon https://m0chan.github.io/2019/12/16/Subdomain-Takeover-Azure-CDN.html https://mohamedharon.com/2019/11/subdomain-takeover-via.html https://mohamedharon.com/2019/09/how-i-able-to-takeover-10-subdomains-in.html https://blog.usejournal.com/https-medium-com-aniltom-from-sub-domain-takeover-to-open-redirect-b5be4906e1a4 https://blog.takemyhand.xyz/2019/05/escalating-subdomain-takeovers-to-steal.html https://link.medium.com/VBwF4s6mC3 https://mohamedharon.com/2019/02/subdomain-aws-s3-buckets-reader.html https://safetydetectives.com/blog/microsoft-outlook
#Unrestricted file upload:- https://link.medium.com/sILCWr8xB3 https://link.medium.com/V8SdaJ8xB3 https://noobe.io/articles/2019-09/exploiting-cookie-based-xss-by-finding-rce https://link.medium.com/6qTQZwayB3 https://anotherhackerblog.com/exploiting-file-uploads-pt-2 https://link.medium.com/1wFiIWayB3 https://link.medium.com/5rv5CbbyB3 https://mustafakemalcan.com/asus-rce-vulnerability-on-rma-asus-europe-eu https://link.medium.com/jFGhtvbyB3 https://link.medium.com/fRfag0byB3
#Paypal:- https://link.medium.com/IKr9j5QEw3 https://whitehathaji.blogspot.com/2019/07/paypal-bug-10k-all-secondary-users.html https://link.medium.com/MpeA50gDx3 https://portswigger.net/research/bypassing-csp-with-policy-injection https://link.medium.com/jDp3WkkDx3 https://link.medium.com/LIW2fGkDx3 https://r00thunt.com/2018/10/05/blind-xml-external-entities-out-of-band-channel-vulnerability-paypal-case-study https://wesecureapp.com/2018/05/26/persistent-xss-to-steal-passwords-paypal https://link.medium.com/Ef0m3UmDx3 https://link.medium.com/Mz4S4EoDx3 link.medium.com/fxCdDmwl52 https://link.medium.com/8TCKRFCUg3 https://link.medium.com/wQMOg7Ded3 https://whitehathaji.blogspot.com/2019/07/paypal-bug-10k-all-secondary-users.html https://link.medium.com/67GX2sHUg3 https://link.medium.com/Z3gCzQHUg3 https://link.medium.com/vxMjqYJUg3 https://r00thunt.com/2018/10/05/blind-xml-external-entities-out-of-band-channel-vulnerability-paypal-case-study
#HTML injection:- https://link.medium.com/v3JTSS7Hw3 https://footstep.ninja/posts/html-injection-in-email https://link.medium.com/NYlc5kcIw3 https://blog.ripstech.com/2019/wordpress-csrf-to-rce https://link.medium.com/muvJmWfIw3 https://link.medium.com/CtSNLvWXp3 https://link.medium.com/xBjzJonIw3 https://link.medium.com/dK9FDRlIw3 https://link.medium.com/TIRN1NoIw3 https://link.medium.com/MpQKjzoIw3 footstep.ninja/posts/html-injection-in-email/ https://evanricafort.blogspot.com/2019/12/html-injection-to-xss-bypass-in.html https://link.medium.com/oLkYeC6x42 https://evanricafort.blogspot.com/2019/07/html-injection-in-clause-email.html https://link.medium.com/6UDFSD8x42 https://link.medium.com/iOOk5Q8x42 https://link.medium.com/6li2fVyKR2 https://link.medium.com/AjUPS6dy42
#XSSI:- Write-ups Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty https://link.medium.com/g3MwS6YVK2 The Bug That Exposed Your PayPal Password https://link.medium.com/fxCdDmwl52 Yahoo — Two XSSi vulnerabilities https://link.medium.com/jFkPeGsUv3
#HTTP Request Smuggling:- HTTP Request Smuggling + IDOR https://hipotermia.pw/bb/http-desync-idor Account takeover via HTTP Request Smuggling https://hipotermia.pw/bb/http-desync-account-takeover HTTP Request Smuggling (CL.TE) https://memn0ps.github.io/2019/09/13/HTTP-Request-Smuggling-CL-TE.html Write up of two HTTP Requests Smuggling https://medium.com/@cc1h2e1/write-up-of-two-http-requests-smuggling-ff211656fe7d
#SSRF:- https://ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver https://link.medium.com/Xbz6t9O2r3 https://link.medium.com/YHLYBsQ2r3 https://link.medium.com/IuBvi3Q2r3 https://link.medium.com/0RczPuR2r3 https://link.medium.com/CRffZUR2r3 https://link.medium.com/h4I5fpS2r3 https://link.medium.com/h3f0yHLEh3 https://link.medium.com/NOYWViSSg3 ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver https://link.medium.com/yGqiCKIoA2 https://link.medium.com/zxEYgRFOX2 https://geleta.eu/2019/my-first-ssrf-using-dns-rebinfing/ https://jin0ne.blogspot.com/2019/11/bugbounty-simple-ssrf.html https://jin0ne.blogspot.com/2019/11/bugbounty-simple-ssrf.html https://link.medium.com/CU6NUXOOX2
#Logic flaw:- https://link.medium.com/5GjfwRMil3 https://link.medium.com/4aLBAQDSq3 https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i https://link.medium.com/WlQhawESq3 https://link.medium.com/omB5M1ESq3 https://inputzero.io/2019/09/telegram-privacy-fails-again.html https://link.medium.com/7DHOeFFSq3 https://link.medium.com/7IuhWgGSq3 https://kntx.xyz/Bypassing-Nickname-Feature https://link.medium.com/s89thfHSq3
#Privilege Escalation:- https://link.medium.com/9EK64aZ0p3 https://link.medium.com/i3r0isZ0p3 https://link.medium.com/RaArwKZ0p3 https://link.medium.com/z3lGkZZ0p3 https://shawarkhan.com/2019/08/leveraging-angularjs-based-xss-to-privilege-escalation.html https://link.medium.com/C8SKRh00p3 https://whitehatfamilyguy.blogspot.com/2019/06/google-adwordsprivilege-escalation-read.html https://link.medium.com/SvC3cI00p3 https://gauravnarwani.com/priv-esc-highest-admin
#2 FA Bypass:- https://link.medium.com/hDvuiOXDi3 https://link.medium.com/PE19FA9hc3 https://link.medium.com/o4WG060Di3 https://link.medium.com/Cm21UD1Di3 https://link.medium.com/b95OsX1Di3 https://link.medium.com/EZpU6n5Di3 https://link.medium.com/oSt1JF5Di3 https://link.medium.com/WRFcVX5Di3 https://link.medium.com/QeIuM5yk02 https://gauravnarwani.com/two-factor-authentication-bypass
#Open redirect:- https://link.medium.com/zX7RbLvod3 https://link.medium.com/Ilv9X4vod3 https://link.medium.com/9l7R7mwod3 https://link.medium.com/0TM7iFwod3 https://link.medium.com/2ZYUGTwod3 https://blog.usejournal.com/https-medium-com-aniltom-from-sub-domain-takeover-to-open-redirect-b5be4906e1a4 https://burninatorsec.blogspot.com/2019/07/microsoft-id-open-redirect.html https://xpoc.pro/oauth-authentication-bypass-on-airbnb-acquisition-using-weird-1-char-open-redirect/
#IDOR:- footstep.ninja/posts/idor-via-http https://footstep.ninja/posts/exploiting-self-xss https://indoappsec.in/2019/12/airbnb-steal-earning-of-airbnb-hosts-by.html https://hipotermia.pw/bb/http-desync-idor https://footstep.ninja/posts/idor-via-websockets https://link.medium.com/zItpt0Epb3 https://link.medium.com/SSgmMkEpb3 https://link.medium.com/qYX2VpCu92 https://link.medium.com/utfrIQFpb3 https://link.medium.com/kaqyU5Fpb3
#SQLi:- strynx.org/insecure-crypto-code-execution/ https://link.medium.com/wX2VXp7f02 https://rcesecurity.com/2019/09/H1-4420-From-Quiz-to-Admin-Chaining-Two-0-Days-to-Compromise-an-Uber-Wordpress https://robinverton.de/blog/2019/08/25/bug-bounty-bypassing-a-crappy-waf-to-exploit-a-blind-sql-injection https://aaronesau.com/blog/posts/5 https://mohamedharon.com/2019/07/sql-injection-in-private-sitecomloginphp.html https://blog.parthmalhotra.com/pwning-child-company-to-get-access-to-parentcompanys-slack-team https://noob.ninja/2019/07/exploiting-tricky-blind-sql-injection.html https://link.medium.com/YwS8vckO22
#Facebook (2018):-
● http://whitehatstories.blogspot.com/2018/03/setting-up-tests-for-any-app-or-pixel.html
● http://whitehatstories.blogspot.com/2018/04/hi-this-post-is-regarding-one-of-my.html
● http://whitehatstories.blogspot.com/2018/05/how-i-could-have-made-your-products-out.html
● http://www.askbuddie.com/unauthorized-comments-on-facebook-live-stream/
● https://asad0x01.blogspot.com/2018/03/see-unpublished-job-of-any-page.html
● https://asad0x01.blogspot.com/2018/05/toggling-comment-option-of-post.html
● https://ash-king.co.uk/downloading-any-file-via-facebook-android.html
● https://ash-king.co.uk/facebook-bug-bounty-09-18.html
● https://blog.scrt.ch/2018/08/24/remote-code-execution-on-a-facebook-server/
● https://bugbounty.blog/2018/09/18/facebook-750-reward-for-a-simple-bug/
● https://medium.com/@JubaBaghdad/how-i-was-able-to-delete-any-image-in-facebook-community-question-forum-a03ea516e327
● https://medium.com/@kankrale.rahul/dos-on-facebook-android-app-using-65530-characters-of-zero-width-no-break-space-db41ca8ded89
● https://medium.com/@markchristiandeduyo/misconfiguration-of-demographics-privacy-in-a-page-682feb1179f2
● https://medium.com/@maxpasqua/breaking-appointments-and-job-interview-schedules-with-malformed-times-edef103e46ba
● https://medium.com/@maxpasqua/chaining-two-vulnerabilities-to-break-facebook-appointment-times-for-the-second-time-ac639f8c8773
● https://medium.com/@maxpasqua/stealing-side-channel-attack-tokens-in-facebook-account-switcher-90c5944e3b58
● https://medium.com/@maxpasqua/unremovable-tags-in-facebook-page-reviews-656e095e69aa
● https://medium.com/@ritishkumarsingh/facebook-vulnerability-hiding-from-the-view-ofbusiness-admin-in-the-business-manager-a04515fee9dd
● https://medium.com/@rohitcoder/email-id-phone-number-can-be-exposed-through-business-manager-e79b970ea288
● https://medium.com/@samm0uda/bruteforcing-instagram-accounts-passwords-without-limit-7eaeda606ea
● https://medium.com/@tnirmalz/facebook-bugbounty-disclosing-page-members-1178595cc520
● https://medium.com/@UpdateLap/idor-facebook-malicious-person-add-people-to-the-top-fans-4f1887aad85a
● https://medium.com/@UpdateLap/privileged-escalation-in-facebook-messenger-roomse71cb7275101
● https://medium.com/bugbountywriteup/add-comment-on-a-private-oculus-developer-bug-report-93f35bc80b2c
● https://medium.com/bugbountywriteup/add-description-to-instagram-posts-on-behalf-of-other-users-6500-7d55b4a24c5a
● https://medium.com/bugbountywriteup/bypass-admin-approval-mute-member-and-posting-permissions-for-only-admins-in-facebook-groups-ef476cb3d524
● https://medium.com/bugbountywriteup/creating-test-conversion-using-any-app-8b32ee0a735
● https://medium.com/bugbountywriteup/disclose-private-video-thumbnail-from-facebook-workplace-52b6ec4d73b7
● https://medium.com/bugbountywriteup/disclosure-of-facebook-page-admin-due-to-insecure-tagging-behavior-24ff09de5c29
● https://medium.com/bugbountywriteup/distorted-and-undeletable-posts-in-facebook-group-9424e15f5551
● https://medium.com/bugbountywriteup/how-i-was-able-to-generate-access-tokens-for-any-facebook-user-6b84392d0342
● https://medium.com/bugbountywriteup/make-any-unit-in-facebook-groups-undeletableefb68e26adb9
● https://philippeharewood.com/access-to-fbconnections/
● https://philippeharewood.com/application-secret-embedded-in-login-flow-for-facebookswag-store/
● https://philippeharewood.com/change-the-background-of-3d-posts-for-any-facebook-user/
● https://philippeharewood.com/create-learning-units-for-any-group/
● https://philippeharewood.com/determine-members-in-a-closed-facebook-group/
● https://philippeharewood.com/disclose-facebook-page-admins-in-3d/
● https://philippeharewood.com/disclose-page-admins-via-facebook-camera-effects/
● https://philippeharewood.com/disclose-page-admins-via-gaming-dashboard-bans/
● https://philippeharewood.com/disclose-page-admins-via-job-source-recruiter-requests/
● https://philippeharewood.com/disclose-page-admins-via-our-story-feature/
● https://philippeharewood.com/disclose-page-admins-via-watch-parties-in-a-facebook-group/
● https://philippeharewood.com/facebook-business-takeover/
● https://philippeharewood.com/path-disclosure-in-instagram-ads-graphql/
● https://philippeharewood.com/send-payment-invoices-as-any-facebook-page/
● https://philippeharewood.com/unintended-control-over-the-email-body-in-partner-integration-email-instructions/
● https://philippeharewood.com/view-facebook-friends-for-any-user/
● https://philippeharewood.com/view-private-instagram-photos/
● https://philippeharewood.com/view-the-bug-subscriptions-for-any-oculus-user/
● https://philippeharewood.com/view-the-email-subscriptions-for-any-oculus-user/
● https://philippeharewood.com/view-the-facebook-stories-for-any-media-effect/
● https://philippeharewood.com/view-the-vr-experiences-for-any-oculus-user/
● https://rpadovani.com/facebook-responsible-disclosure
● https://wongmjane.com/post/disclose-fb-intern-server-info-with-a-strange-poll/
● https://wongmjane.com/post/reveal-fb-employee-behind-funfact/
● https://wongmjane.com/post/view-insights-for-any-fb-marketplace-product/
● https://www.amolbaikar.com/xss-on-facebook-instagram-cdn-server-bypassing-signature-protection/
● https://www.amolbaikar.com/xss-on-facebooks-acquisition-oculus-cdn/
● https://www.facebook.com/notes/kinghackx/improper-permissions-when-posting-stories-in-facebook-group/143172329851275
● https://www.facebook.com/notes/kinghackx/prevent-group-admin-from-seeing-storieswithin-the-group/143174459851062
● https://www.stueotue.xyz/2018/05/create-undeletable-post-in-groupevent.html
● https://www.stueotue.xyz/2018/10/disclose-facebook-learning-unit-group.html
● https://www.youtube.com/watch?v=EXNchVewMF0
● https://www.youtube.com/watch?v=H0aQPcuskMo
● https://www.youtube.com/watch?v=ic-R8jtRoME
● https://www.youtube.com/watch?v=N_i8sPlbtZs
● https://www.youtube.com/watch?v=Y5BUqdY_M1M
#Facebook (2017):-
● http://asad0x01.blogspot.com/2017/05/facebook-bug-bountycommenting-on-non.html
● http://asad0x01.blogspot.com/2017/05/facebook-buggetting-other-users-ip.html
● http://asad0x01.blogspot.com/2017/10/facebook-bug-bounty-view-game-scores-of-anyuser.html
● http://whitehatstories.blogspot.com/2017/05/oauth-token-validation-bug-in-facebook.html
● http://whitehatstories.blogspot.com/2017/09/how-i-could-have-crashed-page-role.html
● http://whitehatstories.blogspot.com/2018/01/how-i-could-have-hacked-facebook.html
● https://blog.darabi.me/2017/11/image-removal-vulnerability-in-facebook.html
● https://medium.com/@joshuaregio/enable-comment-mirroring-as-an-analyst-2c226f367c47
● https://medium.com/@joshuaregio/modifying-any-ad-space-and-placement-e22c7cec050f
● https://medium.com/@joshuaregio/using-app-ads-helper-as-an-analytic-user-e751fcf9c594
● https://medium.com/@lokeshdlk77/bypass-oauth-nonce-and-steal-oculus-response-code-faa9cc8d0d37
● https://medium.com/@lokeshdlk77/stealing-facebook-mailchimp-application-oauth-2-0access-token-3af51f89f5b0
● https://medium.com/@maxpasqua/adding-any-user-to-facebook-rooms-5cde1692c809
● https://medium.com/@maxpasqua/privileged-de-escalation-in-facebook-ads-manager-28aa42300318
● https://medium.com/@maxpasqua/vertical-privileged-escalation-in-facebook-rooms-11766502c911
● https://medium.com/@maxpasqua/xss-in-facebook-cdn-through-ar-studio-effects-6d3a670aa7fe
● https://medium.com/@maxpasqua/xss-in-oculus-rifts-cdn-f5bac5ec7b9c
● https://medium.com/@samm0uda/a-misconfiguration-in-techprep-fb-com-rest-api-allowed-me-to-modify-any-user-profile-9dd0ff99d757
● https://medium.com/@samm0uda/how-i-was-able-to-upload-files-to-api-techprep-fb-com-74308ff767b
● https://medium.com/@vishnu0002/instagram-multi-factor-authentication-bypass-924d963325a1
● https://medium.com/@zahidali_93675/cross-site-request-forgery-in-facebook-86087201d8c
● https://medium.com/@zahidali_93675/posting-on-groups-as-people-whenever-their-email-was-known-by-an-attacker-9dc8d7baf970
● https://medium.com/@zk34911/facebook-bug-bounty-how-i-was-able-to-enumerate-instagram-accounts-who-had-enabled-2fa-two-step-fddba9e9741c
● https://medium.com/bugbountywriteup/whatsapp-dos-vulnerability-in-ios-android-d896f76d3253
● https://medium.freecodecamp.org/hacking-tinder-accounts-using-facebook-accountkitd5cc813340d1
● https://omespino.com/facebook-bug-bounty-getting-access-to-prompt-debug-dialog-and-serialized-tool-on-main-website-facebook-com/
● https://opnsec.com/2018/03/stored-xss-on-facebook/
● https://pagefault.me/2017/01/12/fb-open-redirect/
● https://philippeharewood.com/a-walk-in-the-workplace/
● https://philippeharewood.com/change-trust-project-credibility-indicators-as-an-analyst/
● https://philippeharewood.com/de-anonymizing-facebook-ads/
● https://philippeharewood.com/delete-a-hotel-object-from-a-facebook-product-catalog-using-public_profile-permission/
● https://philippeharewood.com/determine-a-user-from-a-private-phone-number/
● https://philippeharewood.com/disclose-users-with-roles-on-facebook-pages/
● https://philippeharewood.com/facebook-ad-spend-details-leaking-for-facebook-marketing-partners/
● https://philippeharewood.com/facebook-graphql-csrf/
● https://philippeharewood.com/facebook-stories-disclose-facebook-friend-list/
● https://philippeharewood.com/find-instagram-contacts-for-any-user-on-facebook/
● https://philippeharewood.com/find-mingle-suggestions-for-any-facebook-user-revisited/
● https://philippeharewood.com/find-mingle-suggestions-for-any-facebook-user/
● https://philippeharewood.com/make-recruiting-referrals-on-behalf-of-facebook/
● https://philippeharewood.com/order-facebook-friends-by-facebook-recruiting-technicalcoefficient/
● https://philippeharewood.com/posting-gifs-as-anyone-on-facebook/
● https://philippeharewood.com/searching-internal-gatekeeper-constants/
● https://philippeharewood.com/see-if-any-facebook-user-is-marked-in-a-crisis/
● https://philippeharewood.com/view-former-members-of-a-facebook-group/
● https://philippeharewood.com/view-instant-articles-traffic-lift-for-any-page/
● https://philippeharewood.com/view-saved-offers-of-another-user/
● https://philippeharewood.com/view-the-ads-retention-curve-completion-rate-for-any-adaccount/
● https://philippeharewood.com/view-the-assigned-roles-and-emails-of-an-instagram-account/
● https://philippeharewood.com/view-the-job-applications-of-a-page-as-an-analyst/
● https://philippeharewood.com/view-the-owned-test-users-for-facebook-employees/
● https://stephensclafani.com/2017/03/21/stealing-messenger-com-login-nonces/
● https://twitter.com/0x01alka/status/826520689595265026
● https://w00troot.blogspot.com/2017/12/how-i-found-ssrf-on-thefacebookcom.html
● https://www.amolbaikar.com/facebook-source-code-disclosure-in-ads-api/
● https://www.facebook.com/DynamicW0rld/videos/537437603273104/
● https://www.josipfranjkovic.com/blog/facebook-friendlist-paymentcard-leak
● https://www.josipfranjkovic.com/blog/facebook-partners-portal-account-takeover
● https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf
● https://www.seekurity.com/blog/general/business-logic-vulnerabilities-series-a-story-ofa-4-years-old-and-counting-facebook-security-bug/
● https://www.seekurity.com/blog/general/business-logic-vulnerabilities-series-how-i-became-invisible-and-immune-to-blocking-on-instagram/
● https://www.wired.com/story/facebook-bug-could-let-advertisers-see-your-phone-number/
● https://www.youtube.com/watch?v=3KwGmKucayg
● https://www.youtube.com/watch?v=DvNHjh0EJNs
● https://www.youtube.com/watch?v=M6oVdgFZqf0
● https://www.youtube.com/watch?v=b85Q8lakfTw
#Yahoo!:- link.medium.com/e6k3e4ria3 https://omespino.com/write-up-lovestory-from-closed-as-informative-to-xx00-usd-in-yahoo-ios-mail-app https://link.medium.com/FkU7hCsia3 https://link.medium.com/hPxOyMsia3 https://sites.google.com/securifyinc.com/secblogs/yahoo-luminate-rce https://link.medium.com/GfuvDkCia3 https://link.medium.com/gRCKuMCia3 https://link.medium.com/5ciC88Cia3 https://link.medium.com/R2CyBEDia3
#Google:- link.medium.com/EJHodzt852 https://link.medium.com/1aLUHft852 https://hackerfactor.com/blog/index.php?/archives/862-reCAPTCHA-Exploits.html https://ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction https://blog.redteam.pl/2019/12/chrome-portal-element-fuzzing.html https://terjanq.github.io/Bug-Bounty/Google/cache-attack-06jd2d2mz2r0/index.html https://link.medium.com/08rPn8Q852
#MISC [0]:- A curated list of amazingly awesome OSINT https://github.com/jivoi/awesome-osint Web-Security-Learning https://github.com/CHYbeta/Web-Security-Learning Semi-automatic OSINT framework https://github.com/kpcyrd/sn0int Information security Tools Box https://github.com/tengzhangchao/Sec-Box How we broke PHP, hacked Pornhub and earned $20,000 https://evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/ How spending our Saturday hacking earned us €20.000 https://medium.com/@matti.bijnens/how-spending-our-saturday-hacking-earned-us-20k-60990c4678d4 Unrestricted File Upload to RCE | Bug Bounty POC https://blog.securitybreached.org/2017/12/19/unrestricted-file-upload-to-rce-bug-bounty-poc/ Don't Trust the Host Header for Sending Password Reset Emails https://lightningsecurity.io/blog/host-header-injection/ HOW I WAS ABLE TO TAKEOVER FACEBOOK ACCOUNT | Bug Bounty Poc https://blog.securitybreached.org/2017/12/10/how-i-was-able-to-takeover-facebook-account-bug-bounty-poc/ Unrestricted File Upload by @JonathanBouman https://link.medium.com/4vl8XTPVW2
#MISC [1]:- 3 XSS in ProtonMail for iOS by @vladimir_metnew https://link.medium.com/E7Qiu6ia12 Magic XSS with two parameters by @m4shahab1 https://link.medium.com/kJDUMcna12 https://link.medium.com/UnnumPqa12 Exposed Jenkins to RCE on 8 Adobe Experience Managers https://corben.io/jenkins-to-full-pwnage Two Easy RCE in Atlassian Products https://link.medium.com/JMQ7wX7Lc3 How I found RCE But Got Duplicated https://link.medium.com/joFUVW8Lc3 RCE with Flask Jinja Template Injection https://link.medium.com/tbUy9Xo702 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!) https://link.medium.com/ziEBCp0F92 [Writeup — FB] Crash web — app through application form of job application page https://link.medium.com/q5ENh4buZ2 Hunting Good Bugs with only by @knowledge_2014 https://link.medium.com/oTrMsKEM72 Blind SQL Injection without an ‘in’ by Terjang https://link.medium.com/EI6X2QMX32
#MISC [2]:- Payment Gateway Bypass of Zostel: India’s Biggest Hostel Chain https://medium.com/bugbountywriteup/payment-gateway-bypass-of-zostel-indias-biggest-hostel-chain-81c407454f0a “CSRF Token Bypass — A Tale of my $2k bug” by Adeyefa Oluwatoba https://link.medium.com/OkSpfNMtF2 “From broken link to sub folder takeover on Bukalapak” by wis4nggeni https://link.medium.com/NjQ3ylPtF2 “2 FA Bypass via CSRF Attack” by Vishal Bharad https://link.medium.com/51HpgvRtF2
#Resources:- Bug Bounty & Disclosure Programs and Write-ups https://github.com/djadmin/awesome-bug-bounty Awesome lists for hackers, pentesters and security researchers https://github.com/Hack-with-Github/Awesome-Hacking Awesome Python frameworks, libraries, software and resources https://github.com/vinta/awesome-python
#Reports [P0 and P1]:- https://hackerone.com/reports/534450 https://hackerone.com/reports/737169 https://hackerone.com/reports/541169 https://hackerone.com/reports/506646 https://hackerone.com/reports/510152 https://hackerone.com/reports/544928 https://hackerone.com/reports/500515 https://hackerone.com/reports/724889 https://hackerone.com/reports/736863