orangetw / bug-bounty-reference
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
☆51Updated 7 years ago
Related projects: ⓘ
- CVE-2018-7600 - Drupal 7.x RCE☆71Updated 6 years ago
- YSOSERIAL Integration with burp suite☆160Updated last year
- ☆53Updated 7 years ago
- ☆160Updated 6 years ago
- CVE-2018-2894 WebLogic Unrestricted File Upload Lead To RCE Check Script☆135Updated 6 years ago
- Java serialization brute force attack tool.☆123Updated 7 years ago
- Tool for CVE-2018-16323☆80Updated 5 years ago
- Automated Python Code Injection Tool☆85Updated 2 years ago
- A test suite built with Mocha/Chai to test for behavioral differences between image libraries for the web☆68Updated 4 years ago
- Burp Suite plugin created for using Collaborator tool during manual testing in a comfortable way!☆103Updated 6 years ago
- Jsdir is a Burp Suite extension that extracts hidden paths from js files and beautifies it for further reading.☆112Updated 4 years ago
- poison and relay NTLM credentials☆172Updated 5 years ago
- Hacking Facebook for fun and profit: It’s not that hard, apparently (exclusive)☆60Updated 5 years ago
- Challenge Sources & Exploits for the 34C3 CTF☆114Updated 6 years ago
- Facebook Bug Bounties☆101Updated 3 years ago
- WebLogic Exploit☆141Updated 6 years ago
- CVE-2018-7600 Drupal RCE☆115Updated 6 years ago
- ☆207Updated this week
- Fuzzing for LFI using Burpsuite☆58Updated 7 years ago
- 2 web tasks from ZeroNights HackQuest 2016☆51Updated 7 years ago
- ☆60Updated this week
- Ghazi is a BurpSuite Plugins For Testing various PayLoads Like "XSS,SQLi,SSTI,SSRF,RCE and LFI" through Different tabs , Where Each Tab W…☆108Updated 5 years ago
- Apache Solr RCE (ENABLE_REMOTE_JMX_OPTS="true")☆102Updated 4 years ago
- Creates a SOCK proxy server that transmits data over an SSRF vulnerability☆115Updated 12 years ago
- ☆70Updated 6 years ago
- Central Repo for Burp extensions☆146Updated 2 years ago
- A vulnerable application exposing Spring Boot Actuators☆123Updated 5 years ago
- An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions☆121Updated 6 years ago
- XSS Fuzzer is a tool which generates XSS payloads based on user-defined vectors and fuzzing lists.☆137Updated 5 years ago
- ActionScript Proof of Concept to perform cross-domain reads☆45Updated 11 years ago