# Bug Bounty 101

### Recon
- [Penetration Testing Tutorial: How to Reconnoiter a Target and Gather Information?](http://www.4hou.com/penetration/6850.html)
- [How to Efficiently Collect and Filter Subdomains?](http://www.4hou.com/vulnerable/6713.html)
- [A Penetration Tester's Guide to Subdomain Collection](http://www.4hou.com/technology/8535.html)

### Resources
- [WooYun WiKi](http://wiki.secbug.net/)
- [Hacking Resources](https://www.torontowebsitedeveloper.com/hacking-resources)
- [List of Facebook Bug Bounties](https://www.facebook.com/notes/phwd/facebook-bug-bounties/707217202701640/)
- [Bug Bounty Reference](https://github.com/ngalongc/bug-bounty-reference)
- [Awesome Bug Bounty](https://github.com/djadmin/awesome-bug-bounty)

### Get Started
- [HOW TO BECOME A SUCCESSFUL BUG BOUNTY HUNTER](https://www.hackerone.com/blog/become-a-successful-bug-bounty-hunter)
- [USEFUL ONLINE RESOURCES FOR NEW HACKERS](https://www.hackerone.com/blog/resources-for-new-hackers)
- [AMA with bug bounty hunters](https://bugbountyforum.com/ama/)
- [White Hat Notes: My "One Bug a Day" Journey of Efficient Vulnerability Hunting](http://www.freebuf.com/articles/web/111139.html)
- [White Hat Interview | A Conversation with Taiwanese Bug Hunting Expert Orange Tsai](http://www.freebuf.com/column/165736.html)
- [White Hat Interview | A Conversation with Hong Kong HackerOne White Hat Ron Chan - FreeBuf](https://www.freebuf.com/articles/people/178671.html)
- [HITCON 2016 Slides - The Joys and Pains of a Bug Bounty Hunter: The Bugs I Reported Over the Years](http://blog.orange.tw/2016/07/hitcon-2016-slides-bug-bounty-hunter.html)
- [Bug Bounty Methodologies in a Maturing Ecosystem - Jack Cable @ THOTCON](https://www.slideshare.net/JackCable1/bug-bounty-methodologies-in-a-maturing-ecosystem-jack-cable-thotcon-96117852?from_action=save)
- [Hacking WebApps for fun and profit : how to approach a target?](https://www.slideshare.net/YAboukir1/hacking-webapps-for-fun-and-profit-how-to-approach-a-target)

### Open Redirect Vulnerabilities
- [URL whitelist Bypass](https://joychou.org/web/url-whitelist-bypass.html)
- [zseano's Bug Bounty Hunter Tutorial Series: Open URL Redirect](http://blkstone.github.io/2017/12/25/bug-hunter-tutorial-zseano/)
- [From Open Redirect to Account Takeover](http://www.ninoishere.com/from-open-redirect-to-account-takeover/)
- [From Open Redirect to Account Takeover Part II](http://www.ninoishere.com/from-open-redirect-to-account-takeover-part-ii/)

### OAuth/SAML
- [Learning Secure Web Development from "Hacking GitHub"](https://coolshell.cn/articles/11021.html)
- [How I Chained 3 Security Issues to Hijack Flickr Accounts for a $7,000 Bug Bounty](http://www.freebuf.com/articles/web/133848.html)
- [How I Found an $8,000 Uber Vulnerability](http://www.freebuf.com/vuls/139021.html)
- [How to Take Over Flickr Accounts via OAuth Misconfiguration](http://www.freebuf.com/articles/web/150550.html)
- [How I Used a SAML Vulnerability to Gain Unauthorized Login to Uber's Internal Chat System](http://www.freebuf.com/news/147086.html)

### CRLF Injection
- [Explainer | What Is a CRLF Injection Attack?](https://zhuanlan.zhihu.com/p/22953209)

### Cross-Site Request Forgery (CSRF)
- [Neat tricks to bypass CSRF-protection](https://zhuanlan.zhihu.com/p/32716181)
- [Exploiting JSON CSRF](https://joychou.org/web/exploiting-json-csrf.html)

### Cross-Site Scripting (XSS)
- [Stored XSS in Yahoo Mail Let Hackers Read Anyone's Email](http://www.freebuf.com/vuls/122455.html)
- [BBP Series Part 1: My First XSS Bug That Paid](http://zhchbin.github.io/2016/09/10/A-Valuable-XSS/)
- [BBP Series Part 2: Uber XSS via Cookie](http://zhchbin.github.io/2017/08/30/Uber-XSS-via-Cookie/)
- [BBP Series Part 3: Hijack the JS File of Uber's Website](http://zhchbin.github.io/2018/12/03/Hijack-the-JS-File-of-Uber-s-Website/)
- [Analysis of a DOM XSS Vulnerability in Uber](https://www.anquanke.com/post/id/87286)
- [Bug Hunting Experience | XSS on an Oculus CDN Server](https://www.freebuf.com/vuls/191905.html)
- [Bug Hunting Experience | XSS on a Facebook CDN Server](https://www.freebuf.com/vuls/191898.html)

### Cross-Site Script Inclusion (XSSI)
- [Demystifying XSSI Attacks](http://www.freebuf.com/articles/web/87374.html)

### Cross-Site WebSocket Hijacking (CSWSH)
- [Cross-Site WebSocket Hijacking](https://imcmy.me/cross-site-websocket-hijacking/)
- [How to Fully Control a Session? A Look at Cross-Site WebSocket Hijacking](http://www.freebuf.com/articles/web/54182.html)
- [Understanding the Principles and Prevention of Cross-Site WebSocket Hijacking Vulnerabilities](https://www.ibm.com/developerworks/cn/java/j-lo-websocket-cross-site/index.html)

### CORS
- [A Brief Analysis of Cross-Origin Resource Sharing (CORS) Security](http://www.freebuf.com/articles/web/18493.html)
- [How to Exploit CORS Misconfigurations to Attack Bitcoin Exchanges - Xianzhi Community](https://xz.aliyun.com/t/2702)
- [The Complete Guide to CORS Security - Xianzhi Community](https://xz.aliyun.com/t/2745)
- [How I Bypassed Yahoo! View's CORS Restrictions](http://www.freebuf.com/articles/web/158529.html)
- [How I Used Two Vulnerabilities to Obtain Yahoo Mail Contact Information](http://www.freebuf.com/news/160917.html)
- [How I Found a $10,000 Yahoo Cookie Theft Vulnerability](http://www.freebuf.com/vuls/159470.html)

### JSONP Injection
- [JSONP Injection Explained](http://www.freebuf.com/articles/web/126347.html)

### postMessage Vulnerabilities
- [Over a Million Websites Have postMessage XSS Vulnerabilities](https://www.anquanke.com/post/id/85136)
- [Using postMessage() and WebSocket Reconnection to Steal Your Slack Token](https://www.anquanke.com/post/id/85634)

### GraphQL
- [How I Found an Information Disclosure Vulnerability in Facebook Ads (Bounty up to $10,000)](http://www.freebuf.com/articles/web/138292.html)

### Insecure Direct Object References (IDOR)
- [A Beginner's Guide to Insecure Direct Object Reference Vulnerabilities](http://www.freebuf.com/news/139375.html)
- [Obtaining Riders' and Drivers' Personal Information? This Uber Logic Bug "Combo" Is Worth a Look](http://www.freebuf.com/vuls/107881.html)
- [How I Hunted Bugs in a Popular Hookup App](http://www.freebuf.com/articles/web/157391.html)
- [How I Took Over Every Ad on OLX](http://www.freebuf.com/vuls/152047.html)
- [Hack a Facebook Page in Ten Seconds? This Bug Was Worth $16,000 (With Vulnerability Analysis)](http://www.freebuf.com/news/114727.html)
- [A $10,000 Facebook Arbitrary Image Deletion Vulnerability](http://www.freebuf.com/vuls/155582.html)

### Logic Vulnerabilities
- [Analysis of Common Logic Vulnerabilities in Web Security Testing (Practical Edition)](http://www.freebuf.com/vuls/112339.html)
- [Bug Hunting Experience | Facebook Business Manager Admin Account Addition Vulnerability ($27,500)](https://www.freebuf.com/vuls/189872.html)

### Command Injection
- [Bug Hunting Techniques: A Brief Analysis of Command Injection Vulnerabilities](http://www.freebuf.com/vuls/139924.html)
- [Bug Hunting Experience | How I Found a Command Injection Vulnerability in Google Cloud Development Features ($6,000)](http://www.freebuf.com/articles/web/164920.html)

### Host Header Attack
- [Techniques for Attacking via the HTTP Host Header](http://drops.xmd5.com/static/drops/papers-1383.html)
- [Bug Hunting Experience | A $10,000 Google Internal Host Information Disclosure Vulnerability](http://www.freebuf.com/vuls/143959.html)
- [Host Header Attacks of All Kinds](https://mp.weixin.qq.com/s?__biz=MzI2NjUwNjU4OA==&mid=2247483858&idx=1&sn=2170052e99a41de3f98a6f1729dba764&chksm=ea8c59e1ddfbd0f7267095ae6da027661993b9d98b06a7d3d1f4c5e11a42cfa741ed7b21826b&scene=0)

### Template Injection
- [A Brief Analysis of Server-Side Template Injection (SSTI)](http://www.freebuf.com/vuls/83999.html)
- [Hunting a Yahoo Spring Engine SSTI Remote Code Execution Vulnerability](http://www.4hou.com/vulnerable/9779.html)

### Sub Domain Takeover
- [How I Bypassed Uber's Single Sign-On via Subdomain Takeover](http://www.freebuf.com/news/141630.html)

### Server Side Request Forgery
- [\[Security Primer\] SSRF Attack Case Analysis](https://www.freebuf.com/articles/web/20407.html)
- [SSRF Vulnerabilities Explained in Detail](http://feei.cn/ssrf)
- [An SSRF in Weibo That Leads to a Shell](http://feei.cn/PVE-2016081601)

### XML External Entity Vulnerability
- [How I Found an XXE 0day on an Uber Partner Site and Earned a $9,000 Bounty](http://www.freebuf.com/vuls/126603.html)

### Remote Code Execution
- [Yahoo Bug Bounty Part 2 - *.login.yahoo.com Remote Code Execution Vulnerability](http://blog.orange.tw/2013/11/yahoo-bug-bounty-part-2-loginyahoocom.html)
- [Approach and Findings from Penetrating Facebook](https://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script/)
- [How I Found a Remote Code Execution Vulnerability in Yahoo and Earned a $5,500 Bounty](http://www.freebuf.com/vuls/136603.html)
- [\[Black Hat 2017 Talk Analysis\] The Power of Chaining: Building an Exploit Chain for GitHub Enterprise](https://paper.seebug.org/363/)
- [Bug Hunting Experience | How I Found a $5,000 Facebook Vulnerability](https://www.freebuf.com/articles/web/182500.html)
- [Watching Orange Achieve RCE on Amazon's Internal Collaboration System](https://www.anquanke.com/post/id/156078)

### Race Conditions
- [Testing for Race Conditions in Web Applications](http://www.freebuf.com/articles/network/107077.html)