Scribd Logo
Cargar

¡Te damos la bienvenida a Scribd!

  • Buscar

    Cargado por

    MartinBlanco
    29 vistas3 páginas
    bunch of links and info

    Derechos de autor

    © © All Rights Reserved

    Formatos disponibles

    TXT, PDF, TXT o lea en línea desde Scribd

    ¿Le pareció útil este documento?

    ¿Este contenido es inapropiado?

    Denunciar este documento
    bunch of links and info

    Copyright:

    © All Rights Reserved
    Descargue como TXT, PDF, TXT o lea en línea desde Scribd
    Marcar por contenido inapropiado
    29 vistas3 páginas

    Buscar

    Cargado por

    MartinBlanco
    bunch of links and info

    Copyright:

    © All Rights Reserved
    Descargue como TXT, PDF, TXT o lea en línea desde Scribd
    Marcar por contenido inapropiado
    de 3

    Egor Homakov

    5. HTML Injection
    https://hackerone.com/reports/104543
    https://hackerone.com/reports/112935
    https://hackerone.com/reports/110578
    XSS Jigsaw s blog.innerht.ml
    https://hackerone.com/reports/111094
    6. HTTP Parameter Pollution
    https://hackerone.com/reports/105953
    http://www.merttasci.com/blog/twitter-hpp-vulnerability
    https://ericrafaloff.com/parameter-tampering-attack-on-twitter-web-intents
    7. CRLF Injection
    https://hackerone.com/reports/52042
    https://hackerone.com/reports/106427
    8. Cross-Site Request Forgery
    https://www.owasp.org/index.php/Testing_for_CSRF_(OTG-SESS-005)
    https://hackerone.com/reports/96470
    https://hackerone.com/reports/111216
    https://hackerone.com/reports/127703
    9. Application Logic Vulnerabilities
    https://github.com/rails/rails/issues/5228
    https://hackerone.com/reports/100938
    http://sakurity.com/blog/2015/05/21/starbucks.html
    https://hackerone.com/reports/98247
    https://hackerone.com/reports/106305
    https://hackerone.com/reports/128088
    https://community.rapid7.com/community/infosec/blog/2013/03/27/1951-open-s3-buck
    ets
    https://digi.ninja/projects/bucket_finder.php
    https://hackerone.com/reports/128085
    https://blog.it-securityguard.com/bugbounty-yahoo-phpinfo-php-disclosure-2/
    https://hackerone.com/reports/137503
    https://hackerone.com/reports/119871
    10. Cross-Site Script Attack
    https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
    https://hackerone.com/reports/106293
    https://hackerone.com/reports/95089
    https://hackerone.com/reports/104359
    https://klikki.fi/adv/yahoo.html
    http://zombiehelp54.blogspot.ca/2015/09/how-i-found-xss-vulnerability-in-google.
    html
    https://blog.it-securityguard.com/bugbounty-the-5000-google-xss
    11. SQL Injection
    https://hackerone.com/reports/31756
    12. Open Redirect Vulnerabilities
    https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet
    https://hackerone.com/reports/101962
    https://hackerone.com/reports/103772
    https://hackerone.com/reports/111968
    13. Subdomain Takeover
    https://hackerone.com/reports/109699
    https://hackerone.com/reports/114134
    http://philippeharewood.com/swiping-facebook-official-access-tokens
    14. XML External Entity Vuln (XXE)
    https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
    http://www.silentrobots.com/blog/2014/09/02/xe-cheatsheet
    https://blog.detectify.com/2014/04/11/how-we-got-read-access-on-googles-producti
    on-servers
    http://www.attack-secure.com/blog/hacked-facebook-word-document
    15. Remote Code Execution
    http://nahamsec.com/exploiting-imagemagick-on-yahoo/
    16. Template Injection
    https://hackerone.com/reports/125027
    hackerone.com/reports/125980
    https://nvisium.com/blog/2016/03/09/exploring-ssti-in-flask-jinja2
    https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii
    https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752
    17. Server Side Request Forgery
    http://buer.haus/2016/04/18/esea-server-side-request-forgery-and-querying-aws-me
    ta-data/
    http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
    18. Memory
    https://en.wikipedia.org/wiki/Heartbleed
    https://developer.apple.com/library/mac/documentation/Security/Conceptual/Secure
    CodingGuide/Articles/BufferOverflows.html
    https://en.wikipedia.org/wiki/Buffer_overflow
    https://en.wikipedia.org/wiki/NOP_slide
    https://www.owasp.org/index.php/Buffer_Overflow
    http://heartbleed.com
    https://www.owasp.org/index.php/Buffer_Overflows
    https://www.owasp.org/index.php/Reviewing_Code_for_Buffer_Overruns_and_Overflows
    https://www.owasp.org/index.php/Testing_for_Buffer_Overflow_(OTG-INPVAL-014)
    https://www.owasp.org/index.php/Testing_for_Heap_Overflow
    https://www.owasp.org/index.php/Testing_for_Stack_Overflow
    https://www.owasp.org/index.php/Embedding_Null_Code
    https://bugs.php.net/bug.php?id=69545
    http://bugs.python.org/issue24481
    http://curl.haxx.se/docs/adv_20141105.html
    https://bugs.php.net/bug.php?id=69453
    19. Getting Started
    Knockpy + EyeWitness
    ZAP proxy - Burp suite
    Firefox
    Wappalyzer
    Test Instagram https://www.youtube.com/watch?v=dsekKYNLBbc
    20. Vulnerability Report
    The URL and any affected parameters used to find the vulnerability
    A description of the browser, operating system (if applicable) and/or app versio
    n
    A description of the perceived impact. How could the bug potentially be exploite
    d?
    Steps to reproduce the error

    También podría gustarte