BBRE Premium
  • Case Studies
  • Archive by issues
  • Courses
  • Archive by category
  • Account
Select Page

Even more ways to bypass URL validation

#59, Hacking Techniques

You are unauthorized to view this page.

How to actually find a DNS rebinding SSRF?

#30, Server-side hacking techniques

You are unauthorized to view this page.

Java’s fantastic URL class

#29, Server-side hacking techniques

You are unauthorized to view this page.

Trailing dot domain bypasses

#29, Server-side hacking techniques

You are unauthorized to view this page.

Inconsistencies in major URL standard specs

#28, Hacking Techniques

You are unauthorized to view this page.

Recent Posts

  • How to make money for DoS bugs? DoS case study
  • Who should worry about prompt injections?
  • Almost $19k for bugs in browser extensions
  • XSS with script CSP bypass
  • Unminify JS with AI

categories

  • AI
  • Articles by Issue
  • Bug Bounty
  • Burp
  • Case Studies
  • Challenges
  • Cheat sheets
  • Client-side hacking techniques
  • Cloud
  • Hacking Techniques
  • Labs
  • Mobile
  • Non-technical
  • Recon
  • Server-side hacking techniques
  • Source code
  • Tools
  • Web3
  • Writeups

tags

.net (2) 2fa (1) account-takeover (10) api (2) aws (4) cache-poisoning (7) cicd (2) cloud (2) codeql (7) cors (3) crypto (1) csrf (6) ctf (6) cve (3) debugging (4) dependency-confusion (1) deserialisation (2) dns (2) free (266) ghactions (3) graphql (5) idor (2) java (7) js (16) json (2) learning (2) mongodb (1) nuclei (1) path-traversal (2) postmessage (2) premium (120) proto-pollution (4) python (4) qa (1) rails (2) rce (14) regex (3) request-smuggling (5) rpc (1) ruby (3) salesforce (2) secrets (5) semgrep (3) session (1) sqli (5) ssrf (18) ssti (1) talks (6) terminal (4) unicode (1) urls (5) vscode (2) waf (4) web3 (7) websockets (3) wordpress (3) xml (2) xss (25)

Categories

  • Facebook
  • X
© Bug Bounty Reports Explained Grzegorz Niedziela 2022. Company registration number: PL6751745962