These are my bug bounty notes that I have gathered from various sources, you can contribute to this repository too!
- Arbitrary File Upload
- Business Logic Errors
- CRLF Injection
- Cross Site Request Forgery (CSRF)
- Cross Site Scripting (XSS)
- Denial of Service (DoS)
- Exposed Source Code
- Host Header Injection
- Insecure Direct Object References (IDOR)
- Local File Inclusion (LFI)
- Mass Assignment
- NoSQL Injection
- OAuth Misconfiguration
- Open Redirect
- Remote File Inclusion (RFI)
- Server Side Request Forgery
- SQL Injection (SOON)
- Web Cache Deception
- Web Cache Poisoning
- Forgot Password Functionality
- Register Functionality SOON!
- Account Takeover
- Broken Link Hijacking
- Default Credentials
- Email Spoofing
- JWT Vulnerabilities
- Tabnabbing
- Apache (HTTP Server)
- Confluence
- Grafana
- HAProxy
- Jenkins
- Jira
- Joomla
- Laravel
- Moodle
- Nginx
- WordPress
- Zend
- Tidy up the reconnaisance folder
- Seperate the bypass from some vulnerability readme
- Writes multiple payload bypasses for each vulnerability
- Payload XSS for each WAF (Cloudflare, Cloudfront, AWS, etc)
- Payload SQL injection for each WAF (Cloudflare, Cloudfront)