30 Web App Exploits Every Bug Bounty Hunter Should Know

x32x01
  • by x32x01 ||
🕷️ 30 Web App Exploits Every Bug Bounty Hunter Should Know:
  1. XSS (Cross-Site Scripting)
  2. SQL Injection (SQLi)
  3. CSRF (Cross-Site Request Forgery)
  4. IDOR (Insecure Direct Object Reference)
  5. SSRF (Server-Side Request Forgery)
  6. RCE (Remote Code Execution)
  7. LFI / RFI (Local/Remote File Inclusion)
  8. SSTI (Server-Side Template Injection)
  9. Open Redirect
  10. HTTP Request Smuggling
  11. Web Cache Deception
  12. Broken Access Control
  13. JWT Forgery / None Algorithm Abuse
  14. CORS Misconfigurations
  15. Mass Assignment
  16. Business Logic Flaws
  17. Broken Authentication
  18. Path Traversal
  19. Prototype Pollution (Client & Server)
  20. Host Header Injection
  21. Clickjacking
  22. Subdomain Takeover
  23. Deserialization Attacks
  24. Rate Limiting Bypass
  25. Misconfigured S3 Buckets / Exposed Secrets
  26. GraphQL Misconfigurations (Introspection, Injection, BFL)
  27. HTTP Parameter Pollution (HPP)
  28. WebSocket Hijacking / Insecure Implementation
  29. OAuth / SSO Misconfigurations
  30. Race Condtion
 
Related Threads
x32x01
XSS via Video Files
  • x32x01
Replies
0
Views
254
x32x01
x32x01
x32x01
The Search Engine for Cyber Security (Hackers)
  • x32x01
Replies
0
Views
861
x32x01
x32x01
x32x01
Polyglot Payloads in Hacking - The Exploitation Art!
  • x32x01
Replies
0
Views
318
x32x01
x32x01
x32x01
Google's XSS-Game Solutions
  • x32x01
Replies
0
Views
1K
x32x01
x32x01
x32x01
Subdomain & Port Scanning Guide
  • x32x01
Replies
0
Views
866
x32x01
x32x01
Register & Login Faster
Forgot your password?
Latest Posts
Latest Resources
Forum Statistics
Threads
667
Messages
676
Members
68
Latest Member
Ahsan123
Back
Top