30 Web App Exploits Every Bug Bounty Hunter Should Know

by x32x01
🕷️ 30 Web App Exploits Every Bug Bounty Hunter Should Know:
  1. XSS (Cross-Site Scripting)
  2. SQL Injection (SQLi)
  3. CSRF (Cross-Site Request Forgery)
  4. IDOR (Insecure Direct Object Reference)
  5. SSRF (Server-Side Request Forgery)
  6. RCE (Remote Code Execution)
  7. LFI / RFI (Local/Remote File Inclusion)
  8. SSTI (Server-Side Template Injection)
  9. Open Redirect
  10. HTTP Request Smuggling
  11. Web Cache Deception
  12. Broken Access Control
  13. JWT Forgery / None Algorithm Abuse
  14. CORS Misconfigurations
  15. Mass Assignment
  16. Business Logic Flaws
  17. Broken Authentication
  18. Path Traversal
  19. Prototype Pollution (Client & Server)
  20. Host Header Injection
  21. Clickjacking
  22. Subdomain Takeover
  23. Deserialization Attacks
  24. Rate Limiting Bypass
  25. Misconfigured S3 Buckets / Exposed Secrets
  26. GraphQL Misconfigurations (Introspection, Injection, BFL)
  27. HTTP Parameter Pollution (HPP)
  28. WebSocket Hijacking / Insecure Implementation
  29. OAuth / SSO Misconfigurations
  30. Race Condition
 