#WebApp_Security
Bug Bounty Cheat Sheet, Ver.1.0.
1. Account Takeover (ATO) (https://github.com/swisskyrepo/PayloadsA...20Takeover)
2. API Key and Token Leaks (https://github.com/swisskyrepo/PayloadsA...ey%20Leaks)
3. Bypass Upload Tricky (https://github.com/swisskyrepo/PayloadsA...re%20Files)
4. Clickjacking (https://github.com/swisskyrepo/PayloadsA...ickjacking)
5. Client Side Path Traversal (CSPT) (https://github.com/swisskyrepo/PayloadsA...0Traversal)
6. Command Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
7. Content Injection (https://github.com/EdOverflow/bugbounty-...jection.md)
8. CORS (https://github.com/swisskyrepo/PayloadsA...ion)/OAuth (https://github.com/swisskyrepo/PayloadsA...figuration) Misconfiguration
9. CRLF Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
10. CSV Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
11. Cross-Site WebSocket Hijacking (CSWSH) (https://github.com/swisskyrepo/PayloadsA...s)/Request Forgery (CSRF/XSRF) (https://github.com/swisskyrepo/PayloadsA...%20Forgery)
12. DNS Rebinding (https://github.com/swisskyrepo/PayloadsA...0Rebinding)
13. DOM Clobbering (https://github.com/swisskyrepo/PayloadsA...Clobbering)
14. Dependency Confusion (https://github.com/swisskyrepo/PayloadsA...0Confusion)
15. Directory Traversal (https://github.com/swisskyrepo/PayloadsA...0Traversal)
16. External Variable Modification (https://github.com/swisskyrepo/PayloadsA...dification)
17. File Inclusion/LFI (https://github.com/swisskyrepo/PayloadsA...0Inclusion)
18. GraphQL Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
19. HTTP Request Smuggling (https://github.com/swisskyrepo/PayloadsA.../Parameter Pollution (HPP) (https://github.com/swisskyrepo/PayloadsA...0Pollution)
20. Insecure Deserialization (https://github.com/swisskyrepo/PayloadsA...on)/Direct Object References (https://github.com/swisskyrepo/PayloadsA...Management Interface (https://github.com/swisskyrepo/PayloadsA...Randomness (https://github.com/swisskyrepo/PayloadsA...ss)/Source Code Management (https://github.com/swisskyrepo/PayloadsA...Management)
21. LDAP Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
22. LaTeX Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
23. Mass Assignment (https://github.com/swisskyrepo/PayloadsA...Assignment)
24. Memory Exhaustion (DoS) (https://github.com/swisskyrepo/PayloadsA...%20Service)
25. NoSQL Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
26. ORM Leak (https://github.com/swisskyrepo/PayloadsA...ORM%20Leak)
27. Open URL Redirect (https://github.com/swisskyrepo/PayloadsA...20Redirect)
28. Prompt Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
29. Prototype Pollution (https://github.com/swisskyrepo/PayloadsA...0Pollution)
30. Race Condition (https://github.com/swisskyrepo/PayloadsA...0Condition)
31. Regular Expression DoS (ReDoS) (https://github.com/swisskyrepo/PayloadsA...Expression)
32. SAML Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
33. SQL Injection (SQLi) (https://github.com/swisskyrepo/PayloadsA...0Injection)
34. Server Side Include Injection (https://github.com/swisskyrepo/PayloadsA...n)/Request Forgery (https://github.com/swisskyrepo/PayloadsA...)/Template Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
35. SMTP Header Injection (https://www.acunetix.com/blog/articles/e...-injection)
36. Tabnabbing (https://github.com/swisskyrepo/PayloadsA...Tabnabbing)
37. Type Juggling (https://github.com/swisskyrepo/PayloadsA...20Juggling)
38. Web Cache Deception (https://github.com/swisskyrepo/PayloadsA...0Deception)
39. XPATH (https://github.com/swisskyrepo/PayloadsA...tion)/XSLT (https://github.com/swisskyrepo/PayloadsA...ction)/XSS (https://github.com/swisskyrepo/PayloadsA...ction)/XXE Injection (https://github.com/swisskyrepo/PayloadsA...0Injection)
40. Zip Slip Command Execution (https://github.com/snyk/zip-slip-vulnerability)
Messages In This Thread
#WebApp_Security - by Unix_Root - 07-06-2025, 09:03 PM
