appsec.fyi · Sources

infosecwriteups.com

102 curated AppSec resources from infosecwriteups.com across 21 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-25.

Columns: date added, resource title (year badge, topic tags in brackets), excerpt.

2026-06-25  TryHackMe — Mr. Robot CTF | Full Write-Up (2026) [AuthZ, Bug Bounty]
    Platform: TryHackMe. Room: Mr. Robot CTF. Difficulty: Medium. Author: Shikhali Jamalzade (@alisalive). Date: May 2026. Tags: #CTF #TryHackMe #WordPress #PrivilegeEscalation #PenTest #MrRobot. “Give a man ...

2026-06-25  I Wasted 3 Days Intercepting a Flutter App. Here’s What Actually Works. (2026) [Burp, Mobile]
    The author spent three days attempting to intercept traffic from a Flutter app for security assessment using various tools and techniques, including Burp Suite, Objection, ReFlutter, custom CA installation, VPN interception, and Frida scripts. Despite these efforts, every method resulted in the app displaying a "no internet" error rather than the usual SSL or certificate warnings. The author found that none of the common approaches succeeded in capturing the app's traffic.

2026-06-20  VulnHub — sunset: dawn | Full Walkthrough (2026) [Bug Bounty]
    This VulnHub machine, "sunset: dawn" by @whitecr0wz, is a beginner-to-intermediate Debian GNU/Linux 10 machine. The walkthrough details an attack path starting with SMB enumeration, which leads to a writable share that is mapped directly to a directory used by a root-owned cron job. This misconfiguration allows a reverse shell to be uploaded. No bug bounty payout amount is mentioned.

2026-06-20  Web-RTA Exam Writeup — Passed | CyberWarFare Labs (2026) [Bug Bounty]
    The Web-RTA (Web Red Team Analyst) certification from CyberWarFare Labs is a practical, black-box exam focused on web application penetration testing. It features two live web applications and requires capturing 16 flags by testing real-world vulnerabilities. The exam is designed for beginner to intermediate skill levels and includes no theoretical or multiple-choice questions. No bug bounty payout amount is mentioned in this content.

2026-06-20  CRTA Exam Writeup — Passed | CyberWarFare Labs (2026) [Bug Bounty]
    The CRTA (Certified Red Team Analyst) exam from CyberWarFare Labs is a practical, black-box assessment focused on hands-on red teaming. The certification requires candidates to compromise machines in a live lab environment and collect flags, with no theoretical questions. Success is determined solely by achieving root access and retrieving the flags.

2026-06-20  Phone Numbers and Emails to Hidden Subdomains: The OSINT Acquisition Pipeline That Uncovered a… (2026) [OSINT]
    Phone Numbers and Emails to Hidden Subdomains: The OSINT Acquisition Pipeline That Uncovered a Critical Bug. A deep technical blog on using phone numbers and email addresses to discover hidden domains, ...

2026-06-20  “Bug Bounty Bootcamp #48: OAuth + XSS” (2026) [AuthN, Bug Bounty, XSS]
    This "Bug Bounty Bootcamp #48" article, titled "OAuth + XSS," explores a potent combination of vulnerabilities: OAuth and Cross-Site Scripting (XSS). The content suggests that by combining the two, attackers can achieve account takeovers, describing it as an "ultimate account takeover one-two punch." The article is part of a series published on InfoSec Write-ups. No specific bounty payout amount is mentioned.

2026-06-20  BITSCTF 2026 Writeups | OSINT And Steganography / Forensics Challenges (2026) [OSINT]
    This summary details solutions for OSINT and steganography challenges from BITSCTF 2026. Tools such as zsteg, CyberChef, reverse image search, strings, and exiftool were used. One OSINT challenge involved identifying a "major event" in Copenhagen in early 2024, described by unusual geometric structures near a river. The challenge's difficulty was rated 6.5/10. No bug bounty payout amount was mentioned.

2026-06-20  Breaking Down Two Simple Vulnerabilities That Exposed A School’s Admission Records (2026) [Bug Bounty, IDOR]
    Security researchers discovered data-exposure vulnerabilities on a school's website, revealing sensitive admission records containing PII such as names, emails, and addresses. The `/print-form.php?app_number=` endpoint was vulnerable to Insecure Direct Object Reference (IDOR), allowing access to records by manipulating application numbers.

2026-06-19  I Pentested a Real CRM System and Found 4 Critical Vulnerabilities — Here’s the Full Attack Chain (2026) [Bug Bounty]
    The author, Shikhali Jamalzade, conducted a pentest on a real CRM system with explicit authorization. They discovered and successfully chained four critical vulnerabilities, demonstrating a complete attack path. Sensitive details were redacted to protect the organization. No specific bounty payout amount is mentioned in this excerpt.

2026-06-19  VulnHub — Shenron: 1 | Full Walkthrough (2026) [Bug Bounty]
    This VulnHub machine, "Shenron: 1" by Shubham Mandloi, is an easy-to-medium difficulty Ubuntu 20.04.1 LTS target. The walkthrough details a penetration test starting with credentials found in an HTML comment, which leads to Remote Code Execution via a malicious extension upload in a misconfigured Joomla CMS. The ultimate goal is full root access on the system.

2026-06-19  TryHackMe — Blog CTF | Full Write-Up (2026) [RCE]
    This TryHackMe room, "Blog," is a medium-difficulty CTF built around a WordPress blog run by "Billy Joel." The challenge features CVE-2019-8942, a WordPress image-crop Remote Code Execution vulnerability, alongside a custom binary for privilege escalation. The write-up details the steps to exploit these vulnerabilities, gain access, and complete the room. No bounty payout amount is mentioned.

2026-06-19  “Bug Bounty Bootcamp #46: Not Allowed From Your IP?” (2026) [AuthN]
    This article from InfoSec Write-ups, "Bug Bounty Bootcamp #46: Not Allowed From Your IP?", details advanced techniques for bypassing authentication barriers in bug bounty hunting. The methods discussed include IP spoofing, brute-force attacks, and mass assignment, all aimed at gaining unauthorized access. The focus is on exploiting authentication vulnerabilities to overcome access restrictions. No specific bug bounty payout amount is mentioned in the provided text.

2026-06-19  Building a Hackbot for Bug Bounties — Auth Testing Subagent Setup (2026) [Bug Bounty]
    If you have been keeping up with the current state of bug bounties on X, you have probably heard that some hunters are making small fortunes using their own custom-made hackbots to aid them in bug bounty h...

2026-06-19  I almost ordered a product for free. (Business Logic Vulnerability) (2026) [AuthZ]
    Security engineer Sumeet Mahadik discovered a business logic vulnerability that nearly allowed him to order a product for free. While the exact method isn't detailed, the vulnerability presented an opportunity for significant savings. The content is the beginning of a blog post in which Mahadik intends to explain his findings. No bounty payout amount is mentioned.

2026-06-19  BEARCAT CTF 2026 WRITEUPS (2026) [OSINT]
    Flag format: BCCTF{}. #1. RIVER RAIDER (OSINT): For this challenge, we were given a picture of a rogue pirate ship sailing through a river, and we needed to find the name of the bridge right behind it. I...

2026-06-19  Build an IDOR Vulnerability Lab: Why WHERE Clauses Don’t Protect Your API. (2026) [API Sec, IDOR]
    Last time we covered SQL injection. I promised IDOR was next. Today you are going to see why a WHERE clause alone will not save you. When you learn about backend APIs feeding your frontend, you are r...

2026-06-19  “Bug Bounty Bootcamp #47: Account Takeover 101 — How to Steal Everyone’s Account (Legally)” (2026) [AuthZ, IDOR]
    This article, "Bug Bounty Bootcamp #47: Account Takeover 101," explains that attackers don't need advanced skills to achieve account takeovers. Common vulnerabilities such as Insecure Direct Object References (IDOR), insecure invite links, or misconfigured "role" fields can be exploited. The piece encourages readers to learn these techniques legally through bug bounty programs. No specific payout amount is mentioned.

2026-06-17  TryHackMe — Break Out The Cage | Full Write-Up (2026) [Bug Bounty, Recon]
    This TryHackMe room, "Break Out The Cage," is an easy-level challenge by Shikhali Jamalzade. The room has a Nicolas Cage theme and incorporates several real-world attack techniques: anonymous FTP access, multi-layer cryptography, SSH lateral movement, and cron-based command injection. No bug bounty payout amount is mentioned in the provided content.

2026-06-17  TryHackMe — Checkmate | Full Walkthrough (2026) [AuthZ, Bug Bounty, OSINT]
    The TryHackMe "Checkmate" room, an easy-difficulty lab by Shikhali Jamalzade, focuses on password attacks, OSINT, and privilege escalation within a simulated internal network compromise. It challenges users to exploit the weak password practices of an IT Operations employee, Marco Bianchi, to gain access to internal systems including a firewall and SSH. The walkthrough guides participants through these steps.

2026-06-17  Bug Bounty Bootcamp #45: Token? (2026) [API Sec, AuthN]
    In Bug Bounty Bootcamp #45, a critical vulnerability is highlighted: a password reset function that inadvertently leaks the magic token in its API response. This poses a significant security risk, potentially allowing unauthorized access. The article suggests that developers may even have left an endpoint that directly provides this sensitive token, exacerbating the vulnerability. Further details on this insecure implementation and its implications can be found on InfoSec Write-ups. No specific bounty payout amount was stated.

2026-06-17  The Crime Blue Team Lab (CyberDefenders) (2026) [OSINT]
    This CyberDefenders Blue Team challenge, "The Crime," involves analyzing a victim's phone, seized as evidence in a murder investigation. The objective is to reconstruct the events leading up to the incident by carefully examining the gathered information. Key tools for this analysis include ALEAPP and sqlitebrowser. The content does not mention any bug bounty payout amounts.

2026-06-17  CAT Reloaded CTF — CATF 2025 — DFIR Challenges (2026) [OSINT]
    The author solved 4 out of 5 Digital Forensics and Incident Response (DFIR) challenges at the CAT Reloaded CTF — CATF 2025. A writeup detailing their solutions is available on their GitBook account. The first challenge, "Index of Secrets," required retrieving a Windows Search database file located at "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb". The writeup focuses on the technical steps involved in solving these DFIR puzzles. No bug bounty payout amount was mentioned.

2026-06-17  Mastery Hunt: Hidden API Endpoints — A Deep Dive into API Bug Bounty Recon & Exploitation (2026) [API Sec, Bug Bounty, Recon]
    This article treats API security testing as a crucial part of bug bounty hunting, highlighting APIs as a prime target for discovering sensitive data and business logic flaws. It details the process of finding, analyzing, and exploiting hidden API endpoints for bug bounty and penetration testing. The first phase covered is "Surface Reconnaissance," which uses passive methods to identify the API attack surface. The content emphasizes the significant value found in API vulnerabilities.

2026-06-17  The Intelligent Shield. OpenCTI (2026) [AI]
    "The Intelligent Shield" proposes an AI-driven enrichment approach for OpenCTI, moving beyond manual threat intelligence. It addresses data fragmentation and lack of context in cyber attacks by using automated machine learning pipelines. The system aims to transform raw threat data into high-confidence intelligence, enabling security teams to manage the overwhelming volume of information and respond to sophisticated threats.

2026-06-16  Silent Breach Lab Writeup (CyberDefenders) (2026) [Talks]
    This writeup details a blue team challenge from CyberDefenders involving a silent breach at the IMF. The scenario centers on recovering compromised, unreadable data by creating a forensic image of a server. The challenge involves analyzing Windows Mail artifacts, specifically Microsoft HxStore.hxd. The participant is tasked with uncovering crucial information through forensic analysis and decoding. No specific bug bounty payout amount is mentioned in the provided content.

2026-06-16  Connectors CTF 2025 — DFIR Challenges (2026) [Talks]
    This write-up details the solution of three Digital Forensics and Incident Response (DFIR) challenges from CONCTF 2025. The author solved all three independently. One challenge involved a malicious document file, "Invoice_Q1–2021.doc," which was treated like a zip archive to extract its contents and reveal the malicious elements. No specific payout amounts were mentioned.

2026-06-16  My Instructor Said “You Can’t Get a Shell.” I Got Root. — Full Web Pentest Exam Write-Up (2026) [Bug Bounty, RCE]
    This write-up details a successful penetration test of the VanguardCorp Hotel Management System, a CTF/exam environment. Despite an instructor's assertion that a shell was impossible, the author achieved root access. The assessment was conducted under MilliSec LLC supervision in an isolated lab network on May 24, 2026, and involved no real user data.

2026-06-13  I Simulated an SSH Brute-Force Attack on My Ubuntu Server — Here’s How Fail2Ban Stopped It (2026) [AuthN]
    The author details setting up an attack lab to simulate SSH brute-force attempts against their Ubuntu server. The primary focus is on observing how Fail2Ban detects and automatically blocks repeated failed login sequences. The article aims to give a practical understanding of Fail2Ban's effectiveness against such attacks. No bug bounty payout amount is mentioned.

2026-06-13  Beyond the Patch: Understanding the SonicWall SSL-VPN MFA Bypass Exposure (2026) [AuthN]
    A SonicWall SSL-VPN vulnerability, CVE-2024-12802, allows attackers to bypass Multi-Factor Authentication (MFA). The flaw lies in how the SSL-VPN handles UPN and SAM account formats separately: attackers can use an alternative login format to circumvent MFA even when it appears to be active. The issue affects SonicWall Gen6 SSL-VPN devices and has been linked to ransomware attacks. The content does not state a specific bug bounty payout amount.

2026-06-13  Header Manipulation: Bypasses, Probing, and the Security Audit Nobody Does (2026) [API Sec, AuthZ]
    Request headers are not mere metadata but critical inputs that can be manipulated. Attackers exploit this to bypass access controls, probe for misconfigurations, spoof identities, and test security controls. This article covers header manipulation techniques frequently encountered on penetration testing platforms and their role in security assessments.

2026-06-13  Six levels, one lesson: LLMs cannot keep a secret (2026) [AI, XSS]
    GitHub's Secure Code Game Season 3, a six-level challenge, demonstrates that Large Language Models (LLMs) cannot keep secrets. The game involves prompt injection attacks against vulnerable AI assistants designed to hide information. Players craft attacks to extract these secrets, showing that system prompts are not a security measure. The content focuses on hands-on learning of AI security principles through this open-source, browser-based game. No bounty payout amounts are mentioned.

2026-06-13  DVWA Cheat Sheet (Low & Medium) (2026) [Bug Bounty, Burp, SQLi]
    This cheat sheet focuses on brute-forcing the Damn Vulnerable Web Application (DVWA) at the low and medium security levels. The method involves capturing a GET request in Burp Suite after an initial username/password test returns an error message, then sending that request to Burp Intruder. By clearing the existing parameters and selecting the password field, users configure it for a brute-force attack and prepare to supply password payloads.

2026-06-13  IEEE Victoris 4.0 — CTF 2025 — Quals DFIR Challenges (2026) [Bug Bounty, OSINT]
    This writeup details the author's first-blood achievement in two DFIR challenges from the IEEE Victoris 4.0 — CTF 2025 Quals. The first challenge, "the Frontdoor," involved analyzing a Linux disk image. By examining `.zsh_history` and `.bash_history`, the author discovered file navigation and Git activity within a `/home/Documents/MyProject` directory, providing initial clues for the investigation.

2026-06-12  Building Another Vulnerable Lab — SSRF. (2026) [SSRF]
    This blog post is a follow-up to a previous one, detailing how to build a Server-Side Request Forgery (SSRF) lab. The author guides readers through setting up this vulnerable environment, which will be added to their GitHub repository. The post begins by defining SSRF as a vulnerability in which an attacker can cause a server to make unintended requests.

2026-06-12  Android App Penetration Testing: From APK Decompilation to Runtime Exploitation [Tools and Labs] (2026) [Mobile]
    This article introduces the fundamentals of Android penetration testing, covering essential tools and their usage. It emphasizes the need for an Android virtual device or a physical device for hands-on practice. The author, while not an expert, aims to provide a useful guide for beginners. The content highlights Android Studio as the official Integrated Development Environment (IDE) for this work. No bug bounty payout amounts are mentioned.

2026-06-12  Hacking Into A Server Through FTP (2026) [RCE]
    This article explores the continued vulnerability of servers that still use FTP (File Transfer Protocol). It highlights how this outdated protocol can be a gateway for attackers to gain unauthorized access to sensitive data and systems. The piece likely details the methods used in such attacks and emphasizes the importance of migrating to more secure alternatives to prevent breaches.

2026-06-12  Hacking a Fortune 500 Finance Company via Envoy Proxy Misconfiguration (2026) [IDOR]
    A security researcher discovered a vulnerability at a Fortune 500 finance company by exploring its websites. While most domains required SSO credentials, a sister website found via Google dorking allowed verified authors to publish articles. This avenue was initially used to understand the company's systems. The content doesn't mention a specific bug bounty payout amount.

2026-06-12  Analyzing CVE-2026-32743: PX4 MAVLink Buffer Overflow DoS (2026) [Supply Chain]
    The analysis of CVE-2026-32743 highlights a critical vulnerability in PX4's MAVLink implementation: a buffer overflow leading to a Denial of Service (DoS). This is particularly concerning given the increasing use of autonomous drones in civilian sectors, which are now also potential targets in modern conflicts. The widespread deployment of commercial drones exposes a weakness in the global supply chain, where platforms used in agriculture and industry could be compromised. The summary does not mention a specific bug bounty payout amount.

2026-06-12  Making A SQLi Lab Is Not Difficult, Build One With Me. (2026) [SQLi]
    This content is the second part of a series on building a SQL injection (SQLi) lab. The author highlights SQLi's intrusiveness, noting that it requires no privilege escalation and, in this lab's case, can be exploited without tools like Burp. The author also shares an inside joke about pronouncing "SQL" as "skweel." No specific bug bounty payout amount is mentioned in this excerpt.

2026-06-12  How I Built a Burp Extension Efficiently with Claude (2026) [AI, Burp]
    Claude significantly streamlined Burp extension development for security researchers. The author used Claude to create an extension that flags non-standard HTTP headers, aiding the discovery of injection vulnerabilities. By prompting Claude, the author generated an idea and a prototype, demonstrating how AI can overcome the coding hurdles previously associated with extension building. The extension uses the IANA registry of common HTTP headers as its filtering mechanism.

2026-06-12  Chaining Stored XSS and CSRF in Typemill CMS: A Deep Dive into Attribute Injection (2026) [CSRF, XSS]
    A security assessment of Typemill CMS uncovered a critical vulnerability chain combining Stored XSS and CSRF (CVE-2026-53468). An attacker can bypass frontend validation to inject malicious scripts into page metadata, allowing admin session theft via attribute injection. The vulnerability affects Typemill, a popular flat-file CMS built on PHP and the Slim framework, and poses a significant risk to its users.

2026-06-12  AI Security: explanation to Exploitation || Part 1 (2026) [AI]
    This article introduces AI security, focusing on "jailbreaking" large language models (LLMs) and AI-powered tools. With the widespread adoption of AI in organizations such as Meta and Google for task automation, understanding and exploiting vulnerabilities in these systems is becoming crucial. The author plans to examine the methods and extent of jailbreak exploitation.

2026-06-10  SQL Injection in Password Reset: Full Database, One Email (2026) [AuthN, SQLi]
    A critical SQL injection vulnerability in a password reset function granted a researcher full read access to an entire database, including user records and password hashes. The vulnerability was discovered through a `ukey` parameter in a password reset email. Despite being reported in early 2025, the issue remained live at the time of the report. The researcher was able to extract all data from every table. No specific bounty payout amount was mentioned.

2026-06-10  How GraphQL Mutation Aliasing Led to a $12,500 DoS Bug in HackerOne’s Account Recovery Flow (2026) [Bug Bounty, GraphQL]
    A researcher discovered a Denial of Service (DoS) bug in HackerOne's account recovery process caused by a GraphQL feature called mutation aliasing. This behavior allowed an attacker to trigger multiple, recursive mutations, overwhelming the system and preventing legitimate users from recovering their accounts. HackerOne acknowledged the vulnerability and awarded the researcher $12,500.

2026-06-10  I Found the Entire Admin UI of a Live Platform Just By Tweaking Traffic in Burp Suite (2026) [AuthZ, Burp]
    During an internship, Hamza Hashim (refang) discovered a significant security vulnerability on the REDACTED.org internship program portal. By manipulating traffic with Burp Suite, he gained access to the entire administrative user interface of the live platform. This article details one of the findings from his broader bug report submitted to the organization.

2026-06-10  Zero-Click IP Leak in a Privacy Search Engine: Indirect Prompt Injection & Silent Patching (2026) [AI]
    A security researcher discovered a zero-click IP leak vulnerability in Kagi Search, a privacy-focused search engine. The vulnerability used an indirect prompt injection technique with a Markdown trick to deanonymize users, forcing a victim's browser to reveal their IP address and undermining Kagi's core privacy promise. Kagi Search has since quietly patched the vulnerability while marking the report "Not Applicable," which the researcher interprets as a silent fix. No specific bug bounty payout amount was mentioned in the provided content.

2026-06-08  JavaScript Prototype Pollution Deep Dive : — Reconnaissance, Exploitation & Bug Bounty Guideline (2026) [RCE, XSS]
    This article provides a deep dive into JavaScript Prototype Pollution vulnerabilities, explaining the underlying prototype chain and its attack vectors. It covers reconnaissance methodologies, exploitation techniques ranging from XSS to Remote Code Execution (RCE), and real-world bug bounty case studies. The guide also covers advanced exploit chains, tooling, automation, and defense strategies, and offers a production-ready Python scanner. The content focuses on understanding and mitigating this complex JavaScript vulnerability.

2026-06-08  OSCP Windows Enumeration Checklist: My Complete Privilege Escalation Workflow for Every Box (2026) [AuthZ]
    This article details a comprehensive Windows enumeration workflow for the OSCP certification, focusing on privilege escalation. The author shares their exact process, highlighting key techniques such as analyzing WinPEAS output, hunting for credentials, leveraging token abuse, and examining services. The goal is a structured approach to Windows-based machines encountered during the exam, ensuring thoroughness in identifying vulnerabilities and escalating privileges.

2026-06-08  SPIP RCE + Docker SUID Escape | THM Publisher (2026) [RCE]
    This TryHackMe Publisher challenge focuses on exploiting a vulnerable SPIP CMS. The initial steps involve Nmap reconnaissance to identify open ports and services, revealing SPIP CMS running on the target. Subsequent web enumeration with FFUF uncovers hidden paths within the SPIP-based Community Magazine. The content does not mention a bug bounty payout amount.

2026-06-08  Update: The Ending of My $500 Loss and Web Cache Poisoning Story. (2026) [SSRF]
    The author recounts a personal experience in which a $500 loss prompted them to revisit a previously discovered Web Cache Poisoning vulnerability. The initial discovery was documented but later forgotten. This unexpected financial setback led the author back to the bug to resolve outstanding questions and understand its implications, turning a loss into a learning opportunity.

2026-06-08  The Most Dangerous Security Bug Is the One That Feels Like a Feature (2026) [Bug Bounty]
    This article argues that the most dangerous security bugs are those that look like legitimate features. Such vulnerabilities are hard to detect because they don't immediately raise red flags. The author uses the example of a single click potentially compromising a developer's entire identity to illustrate that seemingly benign actions can have catastrophic security consequences if not properly scrutinized.

2026-04-19  The Art of Breaking OAuth: Real-World Exploits and Misuses (2026) [AuthN]

2026-04-19  Broken Access Control: The Quiet Killer in Web Applications (2026) [AuthZ]

2026-04-16  Deep Dive into SSTI: Finding and Exploiting Like a Pro (2026) [SSTI]

2026-04-16  Abusing GraphQL Introspection: A Gateway for Recon and Exploitation (2026) [GraphQL]

2026-04-11  What is BOLA? 3-digit bounty from Topcoder (2026) [API Sec]

2026-04-10  From SSRF to RCE: A 7-Step Chain Against PostHog (2026) [SSRF]

2026-04-10  GraphQL Security Flaws and Exploitation (2026) [GraphQL]

2026-04-10  From Recon to RCE: Hunting React2Shell (CVE-2025-55182) (2026) [RCE]

2026-04-10  Mastering Blind XSS: Real-World Techniques for High Bounties (2026) [XSS]

2026-04-06  GraphQL Security: How I Found and Exploited Critical IDOR and Authorization Bypass (2026) [GraphQL, IDOR]

2026-04-06  The Complete Beginner's Guide to Bug Bounty Reconnaissance (2026) [Recon]

2026-04-06  How Bug Bounty Hunters Are Using Claude Code (2026) [Bug Bounty]

2026-04-06  Bug Bounty Bootcamp #29: Boolean Blind SQL Injection Part 2 (2026) [SQLi]

2026-04-03  Comprehensive Bug Bounty Hunting Methodology (2024 Edition) (2026) [Bug Bounty]

2026-04-03  Hail Frida!! The Universal SSL Pinning Bypass for Android (2026) [Mobile]

2026-03-02  Breaking the Trust Boundary: SSRF via a Misconfigured Sentry Tunnel (2026) [Secrets, SSRF]

2026-01-29  How I Made Burp Suite My IDOR-Finding Robot Butler (And Found 20+ Bugs) 🤖🔍 (2026) [Bug Bounty, Burp, IDOR]
    The content titled "How I Made Burp Suite My IDOR-Finding Robot Butler (And Found 20+ Bugs)" likely discusses using Burp Suite to automate the discovery of Insecure Direct Object Reference (IDOR) vulnerabilities, leading to the identification of over 20 bugs. The author shares their experience and strategies for using Burp Suite effectively in bug hunting. The content may provide insight into using automation tools for security testing and the outcomes achieved through this approach.

2026-01-22  Recon to Master: The Complete Bug Bounty Checklist (2026) [Bug Bounty, Recon]
    Published by 𝙇𝙤𝙨𝙩𝙨𝙚𝙘 in InfoSec Write-ups.

2026-01-22  My 5-Minute Workflow to Find Bugs on Any Website (2026) [Bug Bounty, Recon]
    My 5-Minute Workflow to Find Bugs on Any Website. A step-by-step guide to my most effective shortcut methods for bug bounty hunting. Introduction: Hi everyone, welcome back! Today, I’m going to show …

2025-08-14  HTTP-HOST HEADER ATTACKS. Hi! My name is Hashar Mujahid and today… | by Has (2025) [Bug Bounty]
    The content discusses HTTP Host header attacks and is authored by Hashar Mujahid. It appears to provide information or insights related to this type of attack.

2025-08-14  How to discover up to 10,000 subdomains with your own tool | by _Y000_ | In (2025) [Bug Bounty]
    The content discusses a method for uncovering up to 10,000 subdomains using a self-built tool by _Y000_. It likely provides insight or instructions on using this tool to discover subdomains efficiently. The focus is on enabling individuals to enumerate a large number of subdomains with a personalized tool.

2025-08-14  Mastering the Realm of GraphQL Exploitation (2025) [GraphQL]
    The content, titled "Mastering the Realm of GraphQL Exploitation," focuses on exploiting GraphQL. It suggests a deep dive into understanding and potentially exploiting GraphQL, a query language for APIs. The title implies coverage of advanced techniques for manipulating GraphQL queries to gain unauthorized access or extract sensitive information.

2025-08-14  How I Found Multiple XSS Vulnerabilities Using Unknown Techniques (2025) [XSS]
    The content discusses the discovery of multiple XSS vulnerabilities through undisclosed techniques. It implies that the author has found a method to identify and exploit these vulnerabilities, potentially showcasing a unique approach to uncovering security flaws. The focus is on the process of discovering XSS vulnerabilities rather than on specific techniques or findings.

2025-08-14  Mastering XSS: A Comprehensive Guide for Bug Bounty Hunters | by Security L (2025) [XSS]
    The content titled "Mastering XSS: A Comprehensive Guide for Bug Bounty Hunters" by Security L provides detailed guidance on mastering Cross-Site Scripting (XSS) for participants in bug bounty programs. It aims to help bug bounty hunters understand and exploit XSS vulnerabilities to improve their skills in identifying and reporting security issues. The guide likely covers XSS attack types, techniques, prevention methods, and practical examples, equipping readers to find and address XSS vulnerabilities in web applications.

2025-08-14  https://infosecwriteups.com/bypassing-character-limit-xss-using-spanned-payload-7301ffac226e (2025) [XSS]
    The content discusses a technique for bypassing character limits in Cross-Site Scripting (XSS) attacks using a spanned payload. By breaking the payload into smaller parts and using HTML span tags, attackers can evade character restrictions imposed by input fields and still execute scripts on vulnerable websites. The method allows longer payloads to be injected while avoiding detection, making it a valuable tool for attackers seeking to exploit XSS vulnerabilities.

2025-08-14  Exploiting Non-Cloud SSRF for More Fun & Profit | by Basavaraj Banakar | In (2025) [SSRF]
    The content focuses on exploiting non-cloud Server-Side Request Forgery (SSRF) for increased enjoyment and financial gain. It is likely a technical article or presentation by Basavaraj Banakar on the methods and implications of leveraging SSRF vulnerabilities outside cloud environments. It may provide insight into how SSRF can be used for malicious purposes or for ethical hacking to uncover security weaknesses, and aims to educate readers on the risks and rewards of exploiting SSRF in non-cloud settings.

2025-08-14  Breaking Down SSRF on PDF Generation: A Pentesting Guide (2025) [SSRF]
    The content is titled "Breaking Down SSRF on PDF Generation: A Pentesting Guide." It likely discusses Server-Side Request Forgery (SSRF) in the context of PDF generation and provides a guide to penetration testing for this issue. The focus is on understanding and potentially exploiting SSRF vulnerabilities in PDF generation processes for security testing purposes.

2025-08-14  https://infosecwriteups.com/walkthrough-weather-app-hack-the-box-web-challenge-34b0c930dfca (2025) [SSRF]
    The content is a walkthrough of the "Weather App" web challenge from Hack The Box. It provides a step-by-step guide to solving the challenge, including identifying vulnerabilities, exploiting them, and gaining access to the target system. The walkthrough covers reconnaissance, enumeration, exploitation, and privilege escalation, and aims to help readers understand the process of attacking a web application and improve their cybersecurity skills.

2025-08-14  https://infosecwriteups.com/multiple-http-redirects-to-bypass-ssrf-protections-45c894e5d41c (2025) [SSRF]
    The content discusses a technique that uses multiple HTTP redirects to bypass Server-Side Request Forgery (SSRF) protections. By chaining several HTTP redirects, an attacker can cause the server to access internal resources or perform unauthorized actions. This method can be used to exploit web applications that are susceptible to SSRF. The article provides insight into how attackers use this technique and offers recommendations for organizations to strengthen their defenses against SSRF vulnerabilities.

2025-08-14  Beginner Guide To Exploit Server Side Request Forgery (SSRF) Vulnerability (2025) [SSRF]
    The content is a beginner's guide to exploiting Server Side Request Forgery (SSRF) vulnerabilities. It likely covers the basics of identifying and exploiting SSRF, which involves manipulating a server into making unauthorized requests on the attacker's behalf. The guide may provide insight into how SSRF vulnerabilities can be leveraged and the risks associated with such exploits. It serves as an introductory resource for individuals seeking to understand SSRF vulnerabilities.
2025-04-11 2025Nmap for Beginners: Easy Tips to Scan Networks Like a ProReconSo, Think this :::: one night when you are trying to sleep , suddenly you imagine what’s happening on your network .. what devices are connected? What services are they running? {JUST 2 AM THOUGHTS…
2025-04-10 2025Best Browser Extensions for Bug Hunting and CybersecurityBug BountyBurpIf you are getting into bug hunting or cybersecurity the right tools can make a huge difference. Browser extensions help automate tasks, find hidden vulnerabilities and protect your privacy. Here is…
2025-04-09 2025Controlling XSS Using A Secure WebSocket CLI - InfoSec Write-upsXSSWhen experimenting with Cross-Site Scripting (XSS), what’s the quickest way to test multiple payloads efficiently? Not long ago, I set up an XSS server that serves remote payloads, which can easily…
2025-01-30 2025Advanced DNS Attacks: Poisoning and ExploitationReconUnderstanding DNS Vulnerabilities and Practical Techniques for Exploitation and Defense
2024-10-17 2024Let’s Understand SSRF vulnerabilitySSRFThe content provides an introduction to understanding SSRF (Server-Side Request Forgery) vulnerability. SSRF is a type of security vulnerability that allows an attacker to manipulate the server into making unauthorized requests on their behalf. This can lead to data breaches, unauthorized access, and other security risks. Understanding SSRF is crucial for developers and security professionals to prevent and mitigate such vulnerabilities in web applications.
2024-10-17 2024👩‍💻Roadmap to Cybersecurity in 2022, Full-Read SSRF, IDOR in GraphQL, GCP Pentesting, and much…GraphQLSSRFThe content discusses a talk focusing on cybersecurity in 2022, covering topics such as SSRF, IDOR in GraphQL, GCP Pentesting, and more. The talk highlights the significant value, over $25 billion, that is at risk due to practical attacks on bridges. It emphasizes the importance of understanding and addressing vulnerabilities in cybersecurity to protect valuable assets.
2024-10-17 2024👩‍💻 $600k Bounty, Jetty Features, Response Queue Poisoning, Bypass SSRF Protections, XSS…Bug BountySSRFA $600K bounty was awarded due to a business logic flaw in smart contracts.
2024-10-17 2024Exploiting: SSRF For Admin AccessSSRFThe content is about exploiting Server-Side Request Forgery (SSRF) vulnerabilities to gain admin access. SSRF allows attackers to make requests on behalf of the server, potentially accessing internal systems or performing unauthorized actions. By manipulating URLs, attackers can trick the server into fetching sensitive data or executing commands. This can lead to unauthorized access to admin interfaces, compromising the system's security. The article likely discusses the risks of SSRF vulnerabilities, the impact on system security, and potential mitigation strategies to prevent such attacks.
2024-10-17 2024Server-Side Request Forgery — SSRF: Exploitation TechniqueSSRFServer-side request forgery (SSRF) is a vulnerability where an attacker can manipulate a server to make unauthorized HTTP requests. This exploitation technique can lead to sensitive data exposure, unauthorized access, and potential server compromise. Preventing SSRF involves input validation, using whitelists, and restricting server access to prevent attackers from exploiting this vulnerability.
2024-10-17 2024Story of a 2.5k Bounty — SSRF on Zimbra Led to Dump All Credentials in Clear TextBug BountySSRFThe content discusses a successful bug bounty story where the author and a friend earned approximately $2500 from Cafebazaar by exploiting a Server-Side Request Forgery (SSRF) vulnerability on Zimbra, leading to the exposure of all credentials in clear text.
2024-10-17 2024My First Bug: Blind SSRF Through Profile Picture UploadBug BountySSRFThe content is a writeup detailing the discovery of the author's first bug, which involves a blind Server-Side Request Forgery (SSRF) vulnerability through profile picture upload. The author likely shares their experience, the steps taken to identify the bug, and the impact of the vulnerability. This bug could potentially allow an attacker to manipulate the server into making requests on their behalf, leading to unauthorized access or data leakage. The writeup may also include insights on responsible disclosure and the importance of thorough security testing in web applications.
2024-10-17 2024Server Side Request Forgery — SSRFSSRFServer Side Request Forgery (SSRF) is a web vulnerability that enables attackers to manipulate a server to make unauthorized requests. This issue can lead to data leaks, unauthorized access, and potential server exploitation. Preventing SSRF involves input validation, restricting access to sensitive resources, and using secure coding practices. It is crucial for developers and organizations to be aware of SSRF risks and implement robust security measures to mitigate this threat effectively.
2024-10-17 2024Vimeo SSRF with code execution potential.RCESSRFThe content discusses the discovery of a semi-responded SSRF vulnerability on Vimeo that potentially allows for code execution. The author shares their process of finding and exploiting this vulnerability in a blog post.
2024-10-17 2024Server Side Request Forgery (SSRF) TestingSSRFThe content discusses Server Side Request Forgery (SSRF) testing for fun rather than for a bounty. The author discovered a website vulnerable to SSRF but did not exploit it. The focus is on testing and identifying SSRF vulnerabilities in web applications.
2024-09-21 2024XXE : From Zero to HeroXXEHello fellow hackers, I hope you all are doing good and learning something new :) . As i said in my RECON blog I will be writing about…
2024-09-14 2024Unlocking OAuth SecurityAPI SecAuthNIn this blog, we will uncover the different oauth security implications on both the client applications and the oauth server.
2021-06-05 2021Automating Burp Suite -4 | Understanding And Customising Custom Header FromBurpThe content discusses the creation of a Burp Extension using Jython to automate Burp Suite tasks. Specifically, it focuses on adding custom headers to requests. This is the fourth tutorial in the series, emphasizing understanding and customizing custom headers. The tutorial likely provides step-by-step instructions on how to implement this feature within Burp Suite for automated testing and customization purposes.
2021-05-17 2021How to discover up to 10,000 subdomains with your own tool | by _Y000_ | InBug BountyThe content discusses creating a tool using bash to discover up to 10,000 subdomains. The tool's development involves programming tasks in bash and breaking them down into parts for better understanding and implementation.
2021-04-15 2021Story of a really cool SSRF bug.. Hello all! My name is Vedant, also… | bySSRFVedant, also known as Vegeta on Twitter, is a cybersecurity enthusiast and bug bounty hunter. He shares a story about discovering a significant Server-Side Request Forgery (SSRF) bug. This bug showcases his skills in identifying vulnerabilities and his passion for cybersecurity.
2021-04-10 2021Intro to Bug Bounty Automation (pt.2): Port Scanning with Slack | InfoSec WBug BountyThe content discusses using Slack as a communication channel for delegating tasks like port scanning, even though Slack itself cannot perform port scans. It highlights the importance of utilizing automation tools and platforms like Slack to streamline bug bounty processes and improve efficiency in cybersecurity tasks.