back to home
daffainfo / AllAboutBugBounty
All about bug bounty (bypasses, payloads, and etc)
6,644 stars
1,246 forks
3 issues
AI Architecture Analysis
This repository is indexed by RepoMind. By analyzing daffainfo/AllAboutBugBounty in our AI interface, you can instantly generate complete architecture diagrams, visualize control flows, and perform automated security audits across the entire codebase.
Our Agentic Context Augmented Generation (Agentic CAG) engine loads full source files into context, avoiding the fragmentation of traditional RAG systems. Ask questions about the architecture, dependencies, or specific features to see it in action.
Embed this Badge
Showcase RepoMind's analysis directly in your repository's README.
[](https://repomind-ai.vercel.app/repo/daffainfo/AllAboutBugBounty)
Preview:
Repository Summary (README)
PreviewAll about bug bounty
These are my bug bounty notes that I have gathered from various sources, you can contribute to this repository too!
List Vulnerability
- Arbitrary File Upload
- CRLF Injection
- Cross Site Request Forgery (CSRF)
- Cross Site Scripting (XSS)
- Denial of Service (DoS)
- Exposed Source Code
- Host Header Injection
- Insecure Direct Object References (IDOR)
- Local File Inclusion (LFI)
- Mass Assignment
- NoSQL Injection (NoSQLi)
- OAuth Misconfiguration
- Open Redirect
- Reflected File Download (RFD)
- Remote File Inclusion (RFI)
- Server Side Include Injection (SSI Injection)
- Server Side Request Forgery
- SQL Injection (SQLi)
- Web Cache Deception
- Web Cache Poisoning
List Bypass
Checklist
- Forgot Password Functionality
- Register Functionality SOON!
CVEs
- CVEs 2021 (https://github.com/daffainfo/AllAboutBugBounty/blob/master/CVEs/2021)
- CVEs 2022 (SOON)
- CVEs 2023 (SOON)
Miscellaneous
- Account Takeover
- Broken Link Hijacking
- Business Logic Errors
- Default Credentials
- Email Spoofing
- JWT Vulnerabilities
- Tabnabbing
Technologies
- Apache (HTTP Server)
- Confluence
- Grafana
- HAProxy
- Jenkins
- Jira
- Joomla
- Laravel
- Moodle
- Nginx
- WordPress
- Zend
Reconnaissance
To-Do-List
- Tidy up the reconnaisance folder
- Added more lesser known web attacks
- Added CVEs folder
- Writes multiple payload bypasses for each vulnerability
- Payload XSS for each WAF (Cloudflare, Cloudfront, AWS, etc)
- Payload SQL injection for each WAF (Cloudflare, Cloudfront)