BBRE Premium
  • Case Studies
  • Archive by issues
  • Courses
  • Archive by category
  • Account
Select Page

OAuth #6 – OAuth server-side account takeovers

#86, OAuth

You are unauthorized to view this page.

OAuth #5 – OAuth recon

#85, OAuth

You are unauthorized to view this page.

Ruby-SAML / GitLab Authentication Bypass (CVE-2024-45409)

#82, Server-side hacking techniques

You are unauthorized to view this page.

SignSaboteur: forge signed web tokens with ease

#77, Tools

You are unauthorized to view this page.

Oauth secrets – my NahamCon talk

#77, Client-side hacking techniques

You are unauthorized to view this page.
« Older Entries

categories

  • AI
  • Articles by Issue
  • Bug Bounty
  • Burp
  • Case Studies
  • Challenges
  • Cheat sheets
  • Client-side hacking techniques
  • Cloud
  • Hacking Techniques
  • Labs
  • Mobile
  • Non-technical
  • Recon
  • Server-side hacking techniques
  • Source code
  • Tools
  • Web3
  • Writeups

tags

.net (3) 2fa (1) account-takeover (23) api (2) aws (5) cache-poisoning (9) cicd (2) cloud (2) codeql (8) cors (3) crypto (2) csrf (8) ctf (6) cve (3) debugging (4) dependency-confusion (1) deserialisation (2) dns (2) free (379) ghactions (4) graphql (6) idor (2) java (8) js (21) json (2) learning (2) mongodb (1) nuclei (1) path-traversal (4) postmessage (2) premium (160) proto-pollution (6) python (4) qa (1) rails (2) rce (18) regex (3) request-smuggling (8) rpc (1) ruby (5) salesforce (2) secrets (5) semgrep (3) session (1) sqli (6) ssrf (21) ssti (1) talks (6) terminal (4) unicode (2) urls (5) vscode (2) waf (4) web3 (7) websockets (3) wordpress (4) xml (3) xss (39)

Categories

  • Facebook
  • X
© Bug Bounty Reports Explained Grzegorz Niedziela 2022. Company registration number: PL6751745962