Researcher Resources - Bounty Bug Write Ups

This is a collection of bug bounty reports that were submitted by security researchers in the infosec community. These write-ups are a great way to learn from fellow hackers.

Web Hacking

Uber Bug Bounty Turning Self-XSS into Good-XSS - F1nite

An XSS on Facebook via PNG & Wonky Content Types - F1nite

Bypassing Google Authentication on Periscope’s Administration Panel - F1nite

How I got access to millions of [redacted] accounts - @Bitquark

Popping a shell on the Oculus developer portal - @Bitquark

Multiple vulnerabilities in D-Link and TRENDnet ‘ncc2’ service - @darkarnium

NetGear SOAPWNDR Authentication Bypass - @darkarnium

Bypassing SOP and shouting hello before you cross the pond - @avlidienbrunn

Slack bot token leakage exposing business critical information - @fransrosen

Using a Braun Shaver to Bypass XSS Audit & WAF - @fransrosen

Paypal XML Upload XSS Vulnerability - @PatrikF

Poisoning the Well - Compromising GoDaddy Customer Support with Blind XSS - IAmMandatory

Drag & Drop XSS in Google - @yappare

Rare MSSQL SQL Injection bug - @yappare

Paypal XXE on Ektron CMS - seanmeals

Facebook Messenger CSRF vulnerabilities - @mazen160

Show friends sharing precise locations as a third party application (Facebook) - philippeharewood

How I could compromise 4% (locked) Instagram Accounts - Arne Swinnen

Two security flaws in Microsoft online web services (CSRF & XSS) - yassineaboukir

How I discovered a $1000 open redirect in Facebook - yassineaboukir

Advisory: TeamCity Account Creation - @TheColonial

Advisory: Seagate NAS Remote Code Execution (RCE) Vulnerability - @TheColonial

Sleeping stored Google XSS Awakens a $5000 Bounty - @PatrikF

Finding XSS vulnerabilities in Flash Files - @smiegles

Taking over Heroku Accounts - @esevece

Hardware Hacking

Reversing Aruba Instant Firmware

(credit: https://forum.bugcrowd.com/)

I shall keep adding new content to this post. Keep checking this post for more updates.
Bablu Kumar

He writes about Python, Cloud Computing and Linux. He is an open-source advocate and a cyber-security enthusiast. His Twitter handle: @hacback17