Github leak bug bounty. Write better code with AI Security.
Github leak bug bounty A community-maintained collection of bugs, vulnerabilities, and exploits in apps using ZK crypto. Bug Bounty Tricks and useful payloads and bypasses for Web Application Security. Nov 17, 2023 · Please describe your issue in as much detail as possible: Describe what you expected should happen and what did happen. Dec 9, 2020 · If you have/know of any Facebook writeups not listed in this repository, feel free to open a Pull Request. It will help you to find important files, leaks, Admin panels, etc. License Hello, fellow bug bounty hunters! This repository is a collection of my personal bug bounty and security researching resources, scripts, and notes. Contribute to getgh/bb-tools development by creating an account on GitHub. check for chats with others, u may access others chats 9. Our Miscellaneous tools list includes a range of solutions, from reporting templates to security checklists, to help streamline your bug bounty process and ensure the best results. - 0xPoyel/Search-Engine-For-Web-Pen-testing-and-Bug-Hunting bug hacking enumeration nmap bounty recon bugbounty vps-setup gf url-finder subdomain-enumeration subdomainfinder automatic-bug-bounty-tools-install recon-tools-install bug-bounty-vps-setup mrco24 Updated Nov 11, 2024 BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation. ineligible for award satisfactory satisfies C4 submission criteria; eligible for awards sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons unmitigated and removed ineligible for award 2 (Med Risk A list of resources for those interested in getting started in bug bounties - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters 通过openjdk源码分析, 这部分是在dump线程堆栈, 所有线程进入safepoint的相关逻辑. 49 and 2. - Mehdi0x90/Web_Hacking GitHub community articles API Key Leak. 触发的原因是服务每分钟 dump 所有线程的堆栈并上报监控, 从而触发jvm memory leak bug. Dept Of Defense - 17 upvotes, $0 Community curated list of public bug bounty and responsible disclosure programs. Today’s article is all about $50000 bounty. Oct 14, 2018 · As the official disclosed report at HackerOne shows, bounty hunter Th3G3nt3lman was awarded $15,000 after discovering and reporting a sensitive auth token that was accidentally posted by a This repo contains different variants of Bug Bounty & Security & Pentest & Tech related Articles - x1337loser/bug-bounty-writeup This repo contains all variants of information security & Bug bounty & Penetration Testing write-up design for beginners or newcomers who are confused or don't know which keyword to search. If I get to learn about the bug from a YT video, no A curated collection of essential tools and scripts for bug bounty hunters and cybersecurity professionals, designed to streamline your vulnerability assessment and penetration testing. Jan 30, 2025 · As always when it comes to bug bounty hunting, read the program's policy thoroughly. This is big bounty for token leaks. Sep 6, 2023 · Finding #2073425 — Github CLI path traversal file read via issue templates. It supports finding repos in Github, Gitlab, Azure DevOps (ADO), Bitbucket and the local file system. Awesome Bug Bounty. io-file Auxilium Security Path traversal CVE-2020-15134 faye-websocket GitHub advisory Lack of TLS certificate validation CVE-2020-15133 faye-websocket GitHub advisory Lack of TLS certificate Bug Bounty Tricks and useful payloads and bypasses for Web Application Security. uber. com website has been left misconfigured, which leads to leaking of sensitive information and distorted stats and data. " Ressources for bug bounty hunting. General purpose Travis CI leak hunting tool useful for Bug Bounty hunting and much more. Dept Of Defense - 20 upvotes, $0; CSRF in Importing CSV files [app. Please try to sort the writeups by publication date. Password Leak: Look for plaintext passwords of internal employees exposed in various leaks. PentesterLand Bug Bounty Writeups. Bug Hunting Tutorials. Thanks, the logs show it's not a traditional leak with lost pointers, but rather a growing array/similar where the old elements are never freed. A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting - google-dorks-bug-bounty/README. com] to Stripe - 20 upvotes, $0; CSRF to delete a pet to Mars - 20 upvotes, $0 A bug bounty or bug bounty program is IT jargon for a reward or bounty program given for finding and reporting a bug in a particular software product. use X-Original-Url Header By BugBountyResources. Please link any large pastes as a Github Gist. - Anugrahsr/Awesome-web3-Security A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more - UberGuidoZ/hacker-search-engines EyeWitness - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. Many IT companies offer bug bounties to drive product improvement and get more interaction from end users or clients. Write better code with AI Security. Hackerone POC Reports. Topics writeups bugbounty bugbountytips bugbountytricks bugbounty-writeups security-writeups bugbounty-reports Bug Bounty Script is a powerful and versatile Bash script designed to automate security testing tasks for bug bounty hunting. Top 100 paid reports from HackerOne: Github access token exposure to Shopify - $50000, 1269 upvotes [Pre-Submission][H1-4420-2019] API access to Phabricator on code. We were able to leak our Game Server Login Token (GSLT), connected players’ IP addresses, any messages from the server's console, etc. - rootbakar/bugbounty-toolkit A repository that includes all the important wordlists used while bug hunting. This is my 1st blog, if you find any spelling mistakes, so please bear with me for the next few minutes. 0. - 0xPARC/zk-bug-tracker Yet another SSRF query for Go to GitHub Security Lab - 4 upvotes, $0 [CVE-2022-35949]: undici. Resources May 10, 2020 · How I made $15k in bug bounties from GitHub secret leaks API keys, passwords, and customer data are accidentally posted to GitHub every day. Both “Legacy” and “NonLegacy” templates are supported. To review, open the file in an editor that reveals hidden Unicode characters. Aug 10, 2024 · [July 12 - $ 500] Facebook Bug bounty page admin disclose bug by Yusuf Furkan [July 04 - $ 2000] This is how I managed to win $2000 through Facebook Bug Bounty by Saugat Pokharel [July 04 - $ 500] Unremovable Co-Host in facebook page events by Ritish Kumar Singh Search Engine For Web Pen-testing and Bug Hunting - A simple tool that provides an updated list of Google dorks for finding vulnerable endpoints, exposed databases, and sensitive information indexed by search engines. 最终在openjdk的issue中发现了这个Bug. Leaking Username and Password in the URLs via Virustotal, can leads to account takeover to Chaturbate - 11 upvotes, $0; hard-use account takeover qiwi. com to Uber - 37 upvotes, $1000; Self XSS on Acronis Cyber Cloud to Acronis - 37 upvotes, $100 Elevate your bug bounty game with our treasure trove of FREE resources! 🚀 Dive into a world of expert guides, cheat sheets, and tools to supercharge your bug hunting journey. Feb 23, 2025 · Credit: DALL-E Uncover Secrets, Tokens, and APIs in GitHub Repositories. Latest guides, tools, methodology, platforms tips, and tricks curated by us. com to QIWI - 11 upvotes, $0; Session mismatch leading to potential account takeover (local access required) to Cloudflare Public Bug Bounty - 11 upvotes, $0 A curated list of various bug bounty tools. 0-dbg" is enough, and that warning can be ignored, Ubuntu's valgrind is a bit old. The backend on the segment. Results content May 5, 2016 · problem description: If a Tor entry guard is running on the same server (same IP) as the VPN server (same IP), and if VPN breaks down, Tor may connect directly to the VPN if it happened to choose t Password Leak: Look for plaintext passwords of internal employees exposed in various leaks. A journal for $6,000 Riot Vanguard bounty. Whether you're just getting started or you're a seasoned bug hunter, these tips will help you level up your skills, save time, and uncover more vulnerabilities. You signed in with another tab or window. Contact the security team or if possible use a bug bounty platform such as HackerOne or Bugcrowd. taxjar. Leaking sensitive information from protected tweets via a prepared website. 💡 In the world of bug Repository of Bug-Bounty Writeups. TUTORIAL. md. # It can also be ran against alive websites - whalebone7/IP-checker IP Checker is a Bash tool that checks if an IP address or a list of IP addresses in a file contains a specified keyword in its HTTP response. request vulnerable to SSRF using absolute / protocol-relative URL on pathname to Internet Bug Bounty - 4 upvotes, $0; Yet another SSRF query for Javascript to GitHub Security Lab - 3 upvotes, $250 GitHub Bug Bounty. This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter - vulnerability-Checklist/reset password/reset_password_checklist. This page contains a streamlined methodology tailored for Bug Bounty Hunting, Web Application Penetration Testing (WAPT), and Vulnerability Assessment and Penetration Testing (VAPT). Our search engine utilizes pre-defined dorks to Bug Bounty Testing Essential Guideline : Startup Bug Hunters bug owasp pentesting owasp-top-10 bugbountytips bugbountytricks bugbounty-writeups bugbounty-reports Updated Dec 21, 2020 Our rewards are impact-based. Tips and Tutorials for Bug Bounty and also Penetration Tests. A concise collection of must-have bug bounty tools for all security enthusiasts. It serves as a practical guide for Red Teamers, Blue Teamers, and CTF players, focusing on key phases like A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting - TakSec/google-dorks-bug-bounty Jul 3, 2023 · Bug Bounty Hunter — Let’s Understand and Recognize IDOR Vulnerability / Part 1 IDOR (Insecure Direct Object Referance) yazılımcıların korkulu rüyası, bug bounterların ise en sevdiği The first step is to collect possibly several javascript files (more files = more paths,parameters-> more vulns)To get more js files, this depends a lot on the target, I'm one who focuses a lot in large targets, it depends also a lot on the tools that you use, I use a lot of my personal tools for this: Feb 26, 2021 · Student of Bachelor of Commerce(B. Reload to refresh your session. Bug Bounty write-ups and POC. A JSON Web Token (JWT) is a standardised format for securely exchanging data between two parties. look around for a way to leak the victims id, like showing their profile if u where friends, etc 7. google. CVE-2023-49920: Apache Airflow: Missing CSRF protection on DAG/trigger to Internet Bug Bounty - 21 upvotes, $0; Self stored Xss + Login Csrf to U. Contribute to Proviesec/github-dorks development by creating an account on GitHub. Launched earlier this month, Shhgit finds secrets and sensitive files across the GitHub code base by listening to the GitHub Events API. Can the team consider a closed/open bug bounty on it? An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Bug Bounty in Cybersecurity. com CSRF Tokens Using Service Worker API - https: Feb 11, 2025 · How to Find Your 1st Easy Bug as a Bug Bounty Hunter (Step-by-Step Guide) On Real Live Websites If u cant read the article joined the discord server to read it from there : Feb 7 Write better code with AI Security. I was hoping these issues would at least get updates/comments, or narrowed down the causes -- #3498. You switched accounts on another tab or window. 17-2. Let's hunt those bugs together! 🔍💻. 💯March 9, 2025 - How I Found a Google API Key Leak in a Bug Bounty Program. io-file Auxilium Security File type restriction bypass CVE-2020-15779 socket. Contribute to yeshuibo/awesome-bugbounty-tools development by creating an account on GitHub. MetaMask showed high memory and CPU Feb 13, 2025 · Submit work: Create a pull request including /claim #1318 in the PR body to claim the bounty; Receive payment: 100% of the bounty is received 2-5 days post-reward. Contribute to jaiswalakshansh/Facebook-BugBounty-Writeups development by creating an account on GitHub. . 50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013) to Internet Bug Bounty - 29 upvotes, $1000 GG Dorking is a python tool to generate GitHub and Google dorking links for pentesters and bug bounty hunters. Goal of this repo is to track changes in targets and add/remove new/old targets, in order to perform reconnaissance en-masse, by putting them all in one place. Saved searches Use saved searches to filter your results more quickly Able To Check The Exact Bounty Balance of any Bug Bounty Program to HackerOne - 26 upvotes, $0 [Bypass] Ability to invite a new member in sandbox Organization to HackerOne - 26 upvotes, $0; Two-factor authentication bypass lead to information disclosure about the program and all hackers participate to HackerOne - 26 upvotes, $0 collector: was moved to your own repository, it can be used in recon directory and your funcionality is subdomain and web data discovery;; g4sp4rz1nh0: was moved to your own repository, it's a modified version of splitter to create a infraestructure to anonymization during pentest to avoid WAF/Firewall block to our IP. Contribute to kaybeeinc/bug-bounty-writeups development by creating an account on GitHub. 💯March 9, 2025 - The Art of Bug Reporting. OneLinerBounty is a collection of quick, actionable bug bounty tips in one-liner format. Hello, fellow bug bounty hunters! This repository is a collection of my personal bug bounty and security researching resources, scripts, and notes. Make sure you are eligible for payouts; Thank you for contributing to mediar-ai/screenpipe! Add a bounty • Share on socials Race Conditions in OAuth 2 API implementations to Internet Bug Bounty - 42 upvotes, $0 API Last Request Date/Time Not Updating to HackerOne - 42 upvotes, $0 RC Between GitHub's Repo Update REST API and updateTeamsRepository GraphQL Mutation Results in Covert and Persistent Admin Access Retention to GitHub - 42 upvotes, $0 Bug Bounty Testing Essential Guideline : Startup Bug Hunters - twseptian/bug-bounty-testing-essential-guideline-startup-bug-hunters Apr 26, 2023 · This is my first attempt at a report on your new bug bounty program (I got an invite after my report leading up to CVE-2022-31130), I hope I am doing this the right way :) Similar to CVE-2022-31130 and CVE-2022-39201 there is still an auth token leak present in the JWT auth_token query parameter. md at main · Az0x7/vulnerability-Checklist More than 100 million people use GitHub to discover, fork, and contribute to over 420 million projects. Welcome to our web hacking and bug bounty hunting resource repository! A curated collection of web hacking tools, tips, and resources is available here. Very rarely does a program accept reports through GitHub. The legacy ones are indexed here: Stored XSS on issue comments and other pages which contain notes to GitLab - 37 upvotes, $3000; Rails ActionView sanitize helper bypass leading to XSS using SVG tag. Contribute to sehno/Bug-bounty development by creating an account on GitHub. What CMS: Identify the version and type of CMS used by a target organisation for targeted enumeration and exploit research. Hackers use these keys to login to servers, steal personal information, and rack up absurd AWS charges. Bug Bounty POC. Sep 5, 2024 · and it mean you cannot reproduce on wayland the vision leaks, you can reproduce audio leaks though (might break down the bounty in smaller ones if there is a leak in both audio and vision) you can disable audio or vision using --disable-vision or --disable-audio [May 21 - $13,337] Google Bug Bounty: LFI on Production Servers in “springboard. Bug pub 4096R/EBA314E6 2014-02-18 Key fingerprint = 495D 2EB6 CD8B F2C0 C308 E373 315C B025 EBA3 14E6 uid GitHub Bug Bounty (Non-Incident Notification) <bounty@github. An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Bug Bounty in Cybersecurity. HTTP Request Smuggling in Transform Rules using hexadecimal escape sequences in the concat() function to Cloudflare Public Bug Bounty - 108 upvotes, $6000 XXE in Site Audit function exposing file and directory contents to Semrush - 108 upvotes, $0 The Bug Hunters Methodology. Yeah, "apt-get install mate-panel-dbg libgtk-2. and Bug-bounty hunters! Simplify your life with leak CVE-2020-24807 socket. We hope that this repository will be a valuable resource for you as you work to secure the internet and make it a safer place for everyone, whether Feb 28, 2021 · Collection of Facebook Bug Bounty Writeups. SecurityBreached-BugBounty POC. Contribute your own tips or use these to streamline your workflow and uncover more vulnerabilities. mtnbusiness. This means, for example, that we will issue a relatively high reward for a vulnerability that has the potential to leak sensitive user data, but that we will issue little to no reward for a vulnerability that allows an attacker to deface a microsite. Bug Bounty World. Bug Bounty Guide is a launchpad for bug bounty programs List of Google Dorks for sites that have responsible disclosure program / bug bounty program - sushiwushi/bug-bounty-dorks Apr 27, 2023 · For bug bounty hunters, GitHub repositories can reveal a variety of potentially useful information. 2 均声明修复了该bug; 参考链接 @prc5 Would you be interested in reviewing the PR's and addressing the memory leak issue against whatever support we can raise? Anyone who wants to match my 100 USD please comment here and show your support. As you can see in the above configuration both read and write set to true which means anyone can read and write to this firebase database, developer some times use this settings for testing purpose but letter forgets to change this to only allow app users to read or write data (rare to find). Reconnaissance is the most important step in any penetration testing or a bug hunting process. This vulnerability could lead to exposure of information such as credit card numbers, bank account numbers, phone numbers, tokens, specific words or even the whole phrases but also the exposure of any additional information such as mentioned users, tweet time frames, tweet We are aware that other bug bounty programs might interpret this issue differently, but we have accepted the low risk that CSV injection poses. It provides an attacker More than 100 million people use GitHub to discover, fork, and contribute to over 420 million projects. - Web_Hacking/API Key Leak. Get started today and take your bug bounty game to the next level. It provides a curated collection of tools, methodologies, and learning materials that are essential for identifying and reporting security vulnerabilities. drawio file for all details. Com) and also I am a Bug Bounty Hunter. Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid. Keep up the good work and we look forward to more reports from you in the future! Bug Bounty methodology This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. md at main · TakSec/google-dorks-bug-bounty It proposes also public API assets built by them which can contains custom endpoints and data. uberinternal. important: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. Thanks to all contributors, you're Only the first person who discloses a bug is eligible for the bounty. This bounty is to identify the root cause of the issue and write a patch. How hacker get it by just finding If you find a critical bug or vulnerability in the TON Blockchain (in the C++ code of the main repository) or TON main services (standard wallets, bridge, standard smart contracts), you can send its description and exploitation scenario and receive a reward. (CVE-2024-38475) to Internet Bug Bounty - 29 upvotes, $4920; Path Traversal and Remote Code Execution in Apache HTTP Server 2. DEFCON Conference videos on YouTube. Add this topic to your repo To associate your repository with the api-key-bug-bounty topic, visit your repo's landing page and select "manage topics. By participating in the program, you’re helping improve GitHub's security for everyone, from individual developers to large teams and organizations. We are interested in critical Twitter - protected tweets exposure Summary. Contribute to 0dayhunter/Facebook-BugBounty-Writeups development by creating an account on GitHub. As the Web3 space continues to grow, security becomes paramount, and these bug bounty programs play a crucial role in identifying and mitigating potential This comprehensive resource is designed to help beginners start their journey in bug bounty hunting. bug-bounty / Sensitive_Info_Leaks / Version Leak. to Internet Bug Bounty - 37 upvotes, $2400; Reflected XSS on https://www. Useful Github Dorks for BugBounty -. My goal is to share useful information and tools that have helped me in my own journey, with the hope that they can do the same for you. It is compact, readable and digitally signed using a private key/ or a public key pair by the Identity Provider(IdP). API endpoint leaking sensitive user information (distorted data). Facebook Hunting POC. A curated list of various bug bounty tools. com/punk-security/secret-magpie-cli. com Apache HTTP [2. ng] to MTN Group - 27 upvotes, $0 [July 12 - $ 500] Facebook Bug bounty page admin disclose bug by Yusuf Furkan [July 04 - $ 2000] This is how I managed to win $2000 through Facebook Bug Bounty by Saugat Pokharel [July 04 - $ 500] Unremovable Co-Host in facebook page events by Ritish Kumar Singh My intention is to make a full and complete list of common vulnerability that are publicly disclosed bug bounty write-up, and let Bug Bounty Hunter to use this page as a reference when they want to gain some insight for a particular kind of vulnerability during Bug Hunting, feel free to submit pull request. " Java AuthMatrix "AuthMatrix is an extension to Burp Suite that provides a simple way to test authorization in web Collection of Facebook Bug Bounty Writeups. JWT is most commonly used in authorization. Do not disclose the bug to the public before it's patched. openjdk 17. A collection of over 5. Download the . Topics bug vulnerability vulnerabilities bugs bugbounty ethical-hacking red-team bugcrowd hackerone red-teaming bugbountytips bugbounty-tool bugbountytricks bugbounty-reports ethical-hacker bugbounty-checklist Logger++ "This extension can be used to log the requests and responses made by all Burp tools, and display them in a sortable table. Can you search for secrets on someone laptop? Remote Deserialization Bug in Microsoft's RDP Client through Smart Card Extension (CVE202138666) Bounty award: $5,000. All these articles' links are fetched from medium. GitHub Copilot. This script is aimed to search for these pieces of information in Postman public library. A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities It is useful for bug bounty hunters and security researchers to quickly identify potential vulnerabilities in web applications. 🛡️ From web vulnerabilities to penetration testing essentials, we've got you covered. This project aims to curate a comprehensive list of independently hosted bug bounty programs within the Web3 ecosystem that offer substantial rewards, with payouts ranging into six figures. Below is a flow diagram based on my experience on how you should start your bug bounty journey. How To Shot Web — Jason Haddix, 2015. Contribute to jhaddix/tbhm development by creating an account on GitHub. Contribute to kkent030315/Van1338 development by creating an account on GitHub. 问题修复. This script streamlines the process of reconnaissance, port scanning, vulnerability scanning, and more, helping security researchers and bug bounty hunters efficiently identify potential security vulnerabilities in Dec 30, 2023 · MiloTruck added in discussion Discussion about this issue is ongoing, and not yet resolved. Software security researchers are increasingly engaging with internet companies to hunt down vulnerabilities. ” (There is a more comprehensive list of GithubDorking below at the end of the article) Then A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities. They are effectively text files with a special filename under the repository. This repository is a collection of concise, actionable bug bounty tips, each carefully crafted into a single line. com from leaked certificate in git repo to Uber - $39999, 367 upvotes A curated list of web3Security materials and resources For Pentesters and Bug Hunters. Netsec on Reddit. Confusion Exploiting URL Parsing Confusion Vulnerabilities Sep 24, 2019 · Bug hunters and security researchers have been offered a new tool to search for sensitive material that’s inadvertently been published on code repository GitHub. You signed out in another tab or window. Irrespective of your technical background, this flow diagram is applicable to all. The Github CLI features per repo issue templates. Unfortunately, these items can leak sensitive data about private websites and companies. 💯March 9, 2025 - “Blind CSS Exfiltration: The Bug Bounty Tactic That Earns Hackers $10k+ (Here’s How)” SecretMagpie is a secret detection tool that hunts out all the secrets hiding in ALL your repositories. com (A popular blog sharing site for a variety of different Contribute to suraj4881/bug-bounty development by creating an account on GitHub. Our bounty program gives a tip of the hat to these researchers and provides rewards of $30,000 or more for critical vulnerabilities. com, focusing on identifying and mitigating vulnerabilities such as SQL injections and subdomain security risks. By leveraging tailored search queries known as dorks, you can efficiently uncover valuable data for your target domains. And this blog is about a vulnerability that, I was able to find in the Hackerone’s private program which allows me to take over any user’s account. md at main · Mehdi0x90/Web_Hacking Sep 12, 2018 · It seems that there is a memory leak since the trade statistics release in the GUI app. A Storehouse of resources related to Bug Bounty Hunting collected from different sources. - EdOverflow/bug-bounty-responses IDOR bug to See hidden slowvote of any user even when you dont have access right to Phabricator - 27 upvotes, $300 IDOR - Other user's delivery address disclosed to Azbuka Vkusa - 27 upvotes, $0 IDOR [mtnmobad. io Bug Bounty, Leak information through API request. A curated list of available Bug Bounty & Disclosure Programs and Write-ups. 💯March 9, 2025 - From Partial IDOR to GPS Tracking — API Flaw Explained. Galaxy Bug Bounty : Tips and Tutorials for Bug Bounty and also Penetration Tests Extra Practicing Labs (Critical Vulnerabilities) : Spring RCE vulnerability reproduction environment A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting Topics search google osint hacking bugbounty google-dorks ghdb ceh googledorks google-dorking-tool google-dorking-payloads google-dorks-for-hackers is designed to streamline your search for interesting information across various bug bounty programs, both public and private. It can also save the logged data in CSV format. Given an auth token, it will: https://github. Segment. com. ; aquatone - Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface. So the integrity and authenticity of the A collection of response templates for invalid bug bounty reports. All about bug bounty (bypasses, payloads, and etc) - AllAboutBugBounty5/OAuth Misconfiguration. This exploit affects 3 of the top 7 games on Steam: Dota 2, CS:GO, Team Fortress 2. 4. Perfect for bug hunters looking to boost their skills and efficiency. Saved searches Use saved searches to filter your results more quickly 01/08/2016 - Bug Bounty Github Enterprise SQL Injection 10/11/2017 - Leaking Amazon. Hi Hackers , Mr Horbio this side. I could never see a leak before in the Bitsquare GUI app (on OSX), but the seed node app (running under Linux GitHub’s Bug Bounty Program invites security researchers and ethical hackers to help identify vulnerabilities in GitHub’s platform. Contribute to pwnpanda/Bug_Bounty_Reports development by creating an account on GitHub. - Karanxa/Bug-Bounty-Wordlists Summary of almost all paid bounty reports on H1. Squid as reverse proxy RCE and data leak to Internet Bug Bounty - 17 upvotes, $0 Authenticated path traversal to RCE to Concrete CMS - 17 upvotes, $0 RCE on [CVE-2021-26084] to U. Find and fix vulnerabilities A curated list of various bug bounty tools. Find and fix vulnerabilities Jan 25, 2025 · Start by searching GitHub for the name of your target organization combined with potentially sensitive information types such as “api key,” “api keys,” “apikey,” “authorization: Bearer,” “access_token,” “secret,” or “token. Developers often accidentally leak credentials, API keys, tokens, and sensitive infrastructure details in public/private repos. 38] Local Root Privilege Escalation to Internet Bug Bounty - 120 upvotes, $1500 Privilege Escalation via Keybase Helper to Keybase - 115 upvotes, $0 Unauthorized User can View Subscribers of Other Users Newsletters to LinkedIn - 108 upvotes, $0 Resources Public . when I want to find a timing leak in Java, As always when it comes to bug bounty hunting Saved searches Use saved searches to filter your results more quickly Got $50K Bounty Just for Github token leaks. md at master · ronin-dojo/AllAboutBugBounty5 EyeWitness - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. 2 / oraclejdk 17. S. About. If multiple people report a bug, the bounty may be split between them depending on my subjective judgement. Contribute to vavkamil/awesome-bugbounty-tools development by creating an account on GitHub. Hak5 on YouTube. Apr 24, 2018 · Bounty: MetaMask has received multiple reports of the extension running high CPU usage. com” – $13,337 USD * by Omar Espino [Apr 27 - $0] Broken Access: Posting to Google private groups through any user in the group * by Elber Andre roblox-bug-bounty-program Repository containing tools, scripts, and findings from the cybersecurity analysis conducted on Roblox. when u try to do horizontal access, always check the 302 body 8. I will never use that bug to exploit any other server. 1M sub-domains and assets belonging to bug bounty targets, all put in a single file (using a script). dsluzk dpxyb kphigy tzswyc vezbqt phgl prom yzkkvs wskear nsea ymh npwfncwg ruswo anmkk cxqhj