Bug Bounty Checklist and Cheatsheets
- HowToHunt – WAPT
- HolyTips – Authentication
- binarybrotherhood – OAuth Misconfiguration
- HolyTips – File Upload
- Notion – IDOR
- Portswigger – XSS
- Portswigger – SQLi
- Medium – XXE
- 0xn3va – SSRF
- Google Drive – 2FA
- 0xn3va – CORS
- Medium – Business Logic Flaws
- Hacktricks – CSRF
- Thehackerish – Insecure deserialization
- 0xn3va – Web Cache Poisoning
- Portswigger – HTTP request smuggling
- Swisskyrepo – Command Injection
- E11i0t4lders0n – SAML
- Pandaonair – Race Condition
- Janijay007 – S3 Bucket Misconfiguration
- Portswigger – Server-Side Template Injection
- Portswigger – WebSockets Vulnerabilities