https://github.com/pen4uin/bug-bounty

list of bug bounty writeups

How to become a Bug Bounty Hunter

"To follow the master、become the master."

漏洞案例

• Account Takeover
• CRLF
• Code Injection
• Command Injection
• ClickJacking
• Deserialization
• Host Collision
• Host Header Injection
• JSONP
• Info Disclosure
• Open Redirect
• Path Traversal
• SOAP
• SQL Injection
• SSRF
• Subdomain Takeover
• XSS
• XXE
• 403 Bypass

经验参考

• 年轻人如何挖掘第一个RCE
• 漏洞挖掘赏金猎人的目标选择
• How to become a Bug Bounty Hunter
• 如何成为一名漏洞赏金猎人