Book of BugBounty Tips
  • Introduction
  • OSINT / Recon
  • API
  • Cross Site Request Forgery (CSRF)
  • Server Side Request Forgery (SSRF)
  • Sensitive Information Disclosure
  • Cross Site Scripting (XSS)
  • CRLF
  • Remote Code Execution (RCE)
  • Email Bypass
  • File Upload
  • Open Redirect
  • Insecure Direct Object Reference (IDOR)
  • Injection
  • XXE
  • Local / Remote File Inclusion
  • Authentication / Authorization
  • Account Takeover
  • Application Login
  • Clickjacking
  • Parameter Pollution
  • Fuzzing
  • Application Logic Bypasses
  • Bypasses
  • Mobile
  • Password Reset
  • Web Cache
  • Server Side Template Injection
  • Tips from @EdOverflow
  • Tips From @intigriti
  • Hackpack From @yeswehack
  • Tips from @YogoshaOfficial
  • Tips from @Jhaddix
  • Tips from Ben (@nahamsec)
  • Tips from Other Sources
  • Tips from Blog posts / other hunters
  • Others
  • Bugbounty Related Websites / Blogs
  • Docker and k8s
  • Tweets Collection by @Pentesterland
  • Windows
  • Linux
  • Burp suite
  • Scope Based Recon Tips
Powered by GitBook
On this page

Mobile

PreviousBypassesNextPassword Reset

Last updated 4 years ago

Pro Tip - Android applications can suffer from LFI and stored XSS just by injecting <iframe/src=/etc/hosts> into input fields. Payout: $4,500! 😎👍 — xer0dayz (@xer0dayz)

- AndroidHackingMonth

Pro Tip - Android applications can suffer from LFI and stored XSS just by injecting <iframe/src=/etc/hosts> into input fields. Payout: $4,500!

this helped me alot: In case a program has an Android/IOS app, extract endpoints and add those to your wordlists before running directory bruteforce on the subdomains list. You'll be surprised to see the results

#bugbounty
pic.twitter.com/JvP4jN8Zha
June 24, 2018
When trying to backup an android app without root privileges for vulnerabilities, you need to know the package name but you don't have access to the /data directory. Run --> aapt dump badging abc.ap
https://twitter.com/Hacker0x01/status/1229869424628420608
#bugbounty
#BugBountyTip
If you found exposed broadcast receiver in android app. Reverse the app and investigate it...it may give you access to private shared pref using object deserialization and may lead to account take over!
Android tip: wifi passwords are in /data/misc/wifi/wpa_supplicant.conf