Awesome Security Write-Ups and POCs

A curated list of delightful write-ups and POCs

Not mine, not yours; it's everyone's. Feel free to contribute.

Submitting a new resource:

Please read the Contribution Doc

Content

  1. Cross Site Scripting - XSS
  2. Cross Site Request Forgery - CSRF
  3. Server Side Request Forgery - SSRF
  4. Application/Business Logic
  5. SQL Injection - SQLi
  6. Insecure Direct Object Reference - IDOR
  7. Code Execution
  8. Reverse Engineering
  9. DNS Related
  10. Brute-force
  11. Subdomain Takeover
  12. Open URL Redirection
  13. Research Papers
  14. Miscellaneous

Resource

Blogs/Write-ups
Cross Site Scripting - XSS
  1. XSS that existed at accounts.google.com - @kinugawamasato
  2. admin.google.com Reflected Cross-Site Scripting (XSS) - @bbuerhaus - Vulnerable continue parameter: https://admin.google.com/mrzioto.com/ServiceNotAllowed?service=grandcentral&continue=javascript:alert(document.cookie);//
  3. XSS-es in Google Caja - @SecurityMB
  4. Content Types and XSS: Facebook Studio - @fin1te - Content type was validated only client-side, so an uploaded file could carry HTML/JavaScript that executed as XSS
  5. Facebook XSS via Cross-Origin Resource Sharing - @mattaustin
  6. Stored XSS at Parse - Dhaval - No URL validation, thus allowing javascript:alert(1) in the URL parameter, leading to XSS
  7. XSS in OAuth flow of Paypal - Dhaval
  8. Reflected XSS through AngularJS sandbox bypass...McDonald - @finnwea
  9. Coming across an XSS vulnerability at Google sites is wrong I expected - ikuta_T
  10. Hacking Google for fun and profit - Manish Bhattacharya
  11. Unpatched (0day) jQuery Mobile XSS - EDUARDO VELA
  12. Reflected XSS in Etsy - Harry M Gertos
  13. Sleeping stored Google XSS Awakens a $5000 Bounty - Patrik Fehrenbach
  14. admin.google.com Reflected Cross-Site Scripting (XSS) - Brett Buerhaus
  15. Stored XSS at exchange.onavo.com - Dhaval
  16. Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF - Brett Buerhaus
  17. How I found a $5,000 Google Maps XSS - Marin Moulinier
Cross Site Request Forgery - CSRF
  1. Messenger.com Site-Wide CSRF - @fin1te
  2. How I bypassed Facebook CSRF once again! - Pouya Darabi
Server Side Request Forgery - SSRF
  1. SSRF at Facebook Update Subscription Menu - Dhaval
  2. Ok Google, Give Me All Your Internal DNS Information - Julien Ahrens
  3. How anyone could have used Uber to ride for free! -
Application/Business Logic
  1. Facebook Simple Technical Bug worth 7500$ - Ashish Padelkar
  2. How I Could Steal Money from Instagram, Google and Microsoft - Arne Swinnen
SQL Injection - SQLi
  1. Popping a shell on the Oculus developer portal - Bitquark
  2. SQLi + XXE + File path traversal Deutsche Telekom - Ibrahim M. El-Sayed
  3. GitHub Enterprise SQL Injection - Orange Tsai
Insecure Direct Object Reference - IDOR
  1. Facebook Vulnerability - Delete Any Video on Facebook - Dan Melamed
  2. Confirming new email/mobile number bug in Facebook - Lokesh Kumar
  3. How I hacked 62.5 million Zomato Users - Anand Prakash
Code Execution
  1. Facebook’s ImageTragick Story - @4lemon
  2. WD My Cloud Mirror 2.11.153 RCE and Authentication Bypass - Kacper Szurek
  3. 0day writeup: XXE in uber.com - Vladimir Ivanov
  4. Command injection which got me "6000$" from #Google - S Venkatesh
  5. Airbnb – Ruby on Rails String Interpolation led to Remote Code Execution - Ben Sadeghipour and Brett Buerhaus
  6. GitHub Enterprise Remote Code Execution - Markus Fenske
  7. Escaping from Restricted Shell and Gaining Root Access - Mehmet Ince
Reverse Engineering
  1. Unfolding obfuscated code with Reven (part 1)
  2. Unfolding obfuscated code with Reven (part 2)
  3. Three roads lead to Rome - Luke Viruswalker
DNS Related
  1. Hijacking Broken Nameservers to Compromise Your Target - @IAmMandatory
  2. That (.) Which Made The Difference - Dhaval
  3. Domain Fronting Via Cloudfront Alternate Domains - Vincent Yiu
Brute-force
  1. How I could have hacked all Facebook accounts - Anand Prakash
Subdomain Takeover
  1. Hijacking tons of Instapage expired users Domains & Subdomains - @emgeekboy
  2. The story of EV-SSL, AWS and trailing dot domains - Detectify
Open URL Redirection
  1. How I discovered a 1000$ open redirect in Facebook - Yassine Aboukir
  2. Facebook Whitehat Vulnerability for 2013: Open Redirection in Facebook Mobile - Prakhar Prasad
  3. Dropbox Team Website Open Redirection - Prakhar Prasad
  4. Bypassing SoundCloud’s protection for open redirections - strukt93
Research Papers
Miscellaneous
  1. Combining host header injection and lax host parsing serving malicious data - Detectify
  2. Compromising Apache Tomcat via JMX access - NCC Group UK
  3. Facebook's Bug - Unauthorized access to credit/prepaid card details - Pranav Hivarekar
  4. Constructing an XSS vector, using no letters - Charles Neill
  5. Order Facebook Friends by Facebook Recruiting Technical Coefficient - Philippe Harewood
  6. Web Cache Deception Attack - Omer Gil
  7. Hacking Slack using postMessage and WebSocket - Frans Rosén
  8. Stealing Messenger.com Login Nonces - Stephen Sclafani
  9. Escaping a Python sandbox with a memory corruption bug - Gabe Pike
Extras
  1. Everything you need to know about HTTP security headers
  2. Helmet JS
  3. GitHub's post-CSP journey - Patrick Toomey
  4. CORS — a guided tour - Martin Splitt

Credits
