# daffainfo/allaboutbugbounty

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/daffainfo-allaboutbugbounty).**

6,644 stars · 1,246 forks

## Links

- GitHub: https://github.com/daffainfo/AllAboutBugBounty
- awesome-repositories: https://awesome-repositories.com/repository/daffainfo-allaboutbugbounty.md

## Topics

`bug` `bugbounty` `bugbountytips` `bypass` `hacking` `infosec` `payload` `payloads` `penetration-testing` `pentest` `reconnaissance` `security` `vulnerability`

## Description

AllAboutBugBounty is a curated collection of bug bounty techniques and payloads for web application security testing. It serves as a reference resource covering common web vulnerabilities and exploitation methods for security researchers, providing a structured approach to identifying and exploiting web application security flaws in bug bounty programs.

The repository covers a wide range of attack categories including authentication bypass, cross-site scripting injection, server-side request forgery, web cache poisoning, and business logic abuse. It includes techniques for bypassing access controls, two-factor authentication, CAPTCHA protections, rate limiting, and web application firewalls, as well as methods for exploiting OAuth misconfigurations, JWT vulnerabilities, and NoSQL injection.

The collection also addresses denial of service attacks, file inclusion and upload exploitation, CSRF crafting, and reconnaissance techniques using Google, GitHub, and Shodan dorks. It provides guidance on discovering scope, detecting exposed metadata, and exploiting business logic flaws such as coupon code abuse, refund manipulation, and currency arbitrage.

## Tags

### Security & Cryptography

- [Web Application Security Testing Guides](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/web-application-security-testing-guides.md) — Serves as a comprehensive guide for web application security testing with curated payloads.
- [Business Logic Security](https://awesome-repositories.com/f/security-cryptography/business-logic-security.md) — Covers manipulation of application workflows for unauthorized actions like price tampering. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Cross-Site Request Forgery Protections](https://awesome-repositories.com/f/security-cryptography/cross-site-request-forgery-protections.md) — Documents crafting cross-site request forgery exploits to force authenticated users to execute unintended actions. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [File Upload Security](https://awesome-repositories.com/f/security-cryptography/file-upload-security.md) — Covers techniques for uploading malicious files that bypass server-side validation. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Upload Filter Bypass Payloads](https://awesome-repositories.com/f/security-cryptography/file-upload-security/upload-filter-bypass-payloads.md) — Documents methods for bypassing file upload restrictions through header and extension manipulation. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Arbitrary%20File%20Upload.md))
- [Authentication Bypass](https://awesome-repositories.com/f/security-cryptography/identity-access-management/access-control/policy-enforcement-engines/authentication-bypass.md) — Documents authentication bypass techniques as a primary focus of the collection.
- [System Restriction Bypasses](https://awesome-repositories.com/f/security-cryptography/identity-access-management/authentication-strategies/access-restriction-workarounds/sandbox-restriction-bypasses/system-restriction-bypasses.md) — Documents methods for bypassing HTTP 403 restrictions by manipulating request headers and paths. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20403.md))
- [JWT Exploitation Techniques](https://awesome-repositories.com/f/security-cryptography/jwt-claim-validation/jwt-exploitation-techniques.md) — Documents JWT manipulation techniques for privilege escalation and impersonation. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Multi-Factor Authentication Bypass Testing](https://awesome-repositories.com/f/security-cryptography/multi-factor-authentication-bypass-testing.md) — Documents techniques for circumventing two-factor authentication using session hijacking or code reuse. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [WAF Bypass Payloads](https://awesome-repositories.com/f/security-cryptography/network-infrastructure-security/web-network-security/web-application-firewalls/waf-bypass-payloads.md) — Provides WAF-specific payloads to evade Cloudflare, CloudFront, Imperva, and other web application firewalls. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Scripting.md))
- [XSS](https://awesome-repositories.com/f/security-cryptography/network-infrastructure-security/web-network-security/web-application-firewalls/waf-bypass-payloads/xss.md) — Provides WAF-specific payloads to deliver cross-site scripting attacks by evading security filters. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Scripting.md))
- [Operator Injection Bypasses](https://awesome-repositories.com/f/security-cryptography/nosql-user-authentication/operator-injection-bypasses.md) — Documents using MongoDB operators to bypass authentication in NoSQL-backed applications. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/NoSQL%20Injection.md))
- [OAuth Providers](https://awesome-repositories.com/f/security-cryptography/oauth-providers.md) — Covers exploitation of OAuth misconfigurations for unauthorized access. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [OAuth Misconfiguration Exploits](https://awesome-repositories.com/f/security-cryptography/oauth-providers/oauth-misconfiguration-exploits.md) — Documents OAuth misconfiguration exploitation for account takeover and resource access. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [OAuth Scope Escalation via Tampering](https://awesome-repositories.com/f/security-cryptography/oauth-scope-restrictions/oauth-scope-escalation-via-tampering.md) — Provides techniques for escalating OAuth privileges by tampering with scope parameters. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/OAuth%20Misconfiguration.md))
- [OAuth Email Parameter Tampering](https://awesome-repositories.com/f/security-cryptography/passkey-authentication/unified-passkey-and-oauth-sign-in-flows/oauth-email-parameter-tampering.md) — Documents techniques for hijacking accounts by tampering with email parameters in OAuth flows. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/OAuth%20Misconfiguration.md))
- [Forgot Password Flows](https://awesome-repositories.com/f/security-cryptography/password-management/forgot-password-flows.md) — Documents abuse of password reset flows for account takeover via token prediction. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Logic Abuse Techniques](https://awesome-repositories.com/f/security-cryptography/request-tampering-middleware/logic-abuse-techniques.md) — Documents parameter tampering techniques to abuse business logic for unauthorized access or pricing manipulation.
- [Exploit Crafting](https://awesome-repositories.com/f/security-cryptography/security/ai-and-machine-learning/prompt-injection-testing/exploit-crafting.md) — Provides techniques for crafting CSRF exploits targeting JSON endpoints via cross-origin requests. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Request%20Forgery.md))
- [CSRF](https://awesome-repositories.com/f/security-cryptography/security/ai-and-machine-learning/prompt-injection-testing/exploit-crafting/csrf.md) — Provides methods for crafting CSRF exploits using HTML forms, JSON, and multipart requests. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Request%20Forgery.md))
- [CSRF Proof-of-Concept Generators](https://awesome-repositories.com/f/security-cryptography/security/ai-and-machine-learning/prompt-injection-testing/exploit-crafting/csrf-proof-of-concept-generators.md) — Provides methods for generating CSRF proof-of-concept exploits for various request types. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Request%20Forgery.md))
- [Filter Bypasses](https://awesome-repositories.com/f/security-cryptography/security/offensive-operations/vulnerability-research-analysis/injection-exploitation-techniques/filter-bypasses.md) — Provides techniques for bypassing file inclusion filters using encoding and wrapper methods. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Local%20File%20Inclusion.md))
- [Header and Method Manipulations](https://awesome-repositories.com/f/security-cryptography/security/policies/host-resource-access/file-system-access-controls/path-access-restrictions/path-access-restrictions/header-and-method-manipulations.md) — Provides techniques for bypassing HTTP 403 access controls through header and method manipulation. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [CSRF Token Bypasses](https://awesome-repositories.com/f/security-cryptography/session-authentication/session-token-validation/csrf-token-bypasses.md) — Covers techniques for bypassing CSRF token validation through value alteration and method switching. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Request%20Forgery.md))
- [Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/token-based-authentication/bypass-techniques.md) — Provides techniques for manipulating or forging authentication tokens to bypass access controls.
- [Authentication Disabling](https://awesome-repositories.com/f/security-cryptography/two-factor-authentication/authentication-disabling.md) — Documents techniques for disabling two-factor authentication without confirmation or authorization. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%202FA.md))
- [Unauthorized 2FA Disabling](https://awesome-repositories.com/f/security-cryptography/two-factor-authentication/authentication-disabling/unauthorized-2fa-disabling.md) — Documents techniques for disabling two-factor authentication without proper authorization. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%202FA.md))
- [URI Scheme Exploitation Techniques](https://awesome-repositories.com/f/security-cryptography/uri-scheme-exploitation-techniques.md) — Documents techniques for exploiting alternative URI schemes to access internal services via SSRF. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Server%20Side%20Request%20Forgery.md))
- [Account Takeover Exploits](https://awesome-repositories.com/f/security-cryptography/user-account-management/account-takeover-exploits.md) — Documents a wide range of techniques for taking over user accounts through various attack vectors. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Vulnerability Assessment and Testing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing.md) — Provides a structured methodology for identifying and exploiting web application security flaws.
- [Authentication Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/authentication-bypass-techniques.md) — Provides comprehensive authentication bypass techniques as a core reference resource.
- [Local File Inclusion Payloads](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/injection-payloads/local-file-inclusion-payloads.md) — Documents local file inclusion payloads for reading or executing files on the server's filesystem. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Operator Injection Techniques](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/injection-payloads/nosql/operator-injection-techniques.md) — Provides techniques for exploiting NoSQL operator injection to bypass authentication and extract data.
- [Remote File Inclusion Payloads](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/injection-payloads/remote-file-inclusion-payloads.md) — Covers injection of external URLs into file inclusion parameters for remote code execution. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Remote%20File%20Inclusion.md))
- [OAuth Account Takeover](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/authentication-session-flaws/account-takeover-techniques/oauth-account-takeover.md) — Documents OAuth account takeover via email registration abuse. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Account%20Takeover.md))
- [Cross-Site Scripting Vulnerabilities](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/injection-vulnerabilities/cross-site-scripting-vulnerabilities.md) — Provides a comprehensive collection of cross-site scripting payloads and exploitation techniques. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Mass Assignment Vulnerabilities](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/mass-assignment-vulnerabilities.md) — Covers mass assignment vulnerabilities where user input modifies unintended object properties. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Filter Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/ssrf-techniques/filter-bypass-techniques.md) — Provides techniques for obfuscating internal hostnames and IP addresses to evade SSRF filters. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Server%20Side%20Request%20Forgery.md))
- [HTTP Method Tuning IDOR Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/access-bypass-tools/http-method-tuning-idor-bypass-techniques.md) — Documents techniques for bypassing IDOR protections through HTTP method tuning. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Insecure%20Direct%20Object%20References.md))
- [Identifier Manipulation IDOR Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/access-bypass-tools/identifier-manipulation-idor-bypass-techniques.md) — Documents techniques for bypassing IDOR protections through identifier manipulation. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Insecure%20Direct%20Object%20References.md))
- [Feature Restriction Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/account-management/premium/feature-restriction-bypass-techniques.md) — Documents techniques for bypassing premium feature restrictions. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Business%20Logic%20Errors.md))
- [Endpoint Manipulation IDOR Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/agent-endpoint-access-control/endpoint-manipulation-idor-bypass-techniques.md) — Documents techniques for bypassing IDOR protections through endpoint manipulation. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Insecure%20Direct%20Object%20References.md))
- [Version Downgrade IDOR Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/authorization-bypass-testing/version-downgrade-idor-bypass-techniques.md) — Documents techniques for bypassing IDOR protections through version downgrade. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Insecure%20Direct%20Object%20References.md))
- [Broken Link Hijacking Detection](https://awesome-repositories.com/f/security-cryptography/broken-link-hijacking-detection.md) — Documents hijacking broken links by registering expired domains referenced by the application. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Broken%20Link%20Hijacking.md))
- [Tabnabbing Exploits](https://awesome-repositories.com/f/security-cryptography/browser-exploitation/tabnabbing-exploits.md) — Documents tabnabbing as a specific browser exploitation technique for bug bounty testing. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Two-Factor Code Brute Forcing](https://awesome-repositories.com/f/security-cryptography/brute-force-protections/two-factor-code-brute-forcing.md) — Documents techniques for brute-forcing two-factor authentication codes to bypass verification. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%202FA.md))
- [Character-by-Character Data Extraction](https://awesome-repositories.com/f/security-cryptography/character-escaping/character-by-character-data-extraction.md) — Documents blind NoSQL injection techniques for extracting data character by character. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/NoSQL%20Injection.md))
- [Default Credential Lookups](https://awesome-repositories.com/f/security-cryptography/default-credential-lookups.md) — Covers using default credentials to gain unauthorized access during security testing. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Payload-Based Exhaustion Techniques](https://awesome-repositories.com/f/security-cryptography/denial-of-service-prevention/payload-based-exhaustion-techniques.md) — Provides payloads and techniques for exhausting server resources through oversized requests and high-volume attacks.
- [Email Spoofing Exploits](https://awesome-repositories.com/f/security-cryptography/email-sender-authentication/email-spoofing-exploits.md) — Documents techniques for exploiting misconfigured SPF/DMARC to spoof email sender addresses. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [XSS via File Upload Bypasses](https://awesome-repositories.com/f/security-cryptography/file-upload-security/upload-filter-bypass-payloads/xss-via-file-upload-bypasses.md) — Documents techniques to bypass XSS filters by embedding payloads in file upload metadata. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Scripting.md))
- [Google Dorking Techniques](https://awesome-repositories.com/f/security-cryptography/google-account-osint/google-dorking-techniques.md) — Documents techniques for using Google search operators to discover vulnerable web pages and exposed information. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Absolute URL Override Techniques](https://awesome-repositories.com/f/security-cryptography/host-header-validations/absolute-url-override-techniques.md) — Documents a specific technique for bypassing host header validation using absolute URLs. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Host%20Header%20Injection.md))
- [Header Duplication Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/host-header-validations/header-duplication-bypass-techniques.md) — Documents a specific technique for bypassing host header validation using header duplication. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Host%20Header%20Injection.md))
- [Header Wrapping Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/host-header-validations/header-wrapping-bypass-techniques.md) — Documents a specific technique for bypassing host header validation using header wrapping. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Host%20Header%20Injection.md))
- [Host Header Injections](https://awesome-repositories.com/f/security-cryptography/host-header-validations/host-header-injections.md) — Documents host header injection techniques for manipulating password reset flows and cache poisoning. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Checklist/Forgot%20Password.md))
- [Override Header Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/host-header-validations/override-header-bypass-techniques.md) — Documents a specific technique for bypassing host header validation using override headers. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Host%20Header%20Injection.md))
- [HTTP 403 Restriction Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/identity-access-management/authentication-strategies/access-restriction-workarounds/sandbox-restriction-bypasses/system-restriction-bypasses/http-403-restriction-bypass-techniques.md) — Documents techniques for bypassing HTTP 403 access control restrictions. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [CSRF Email Change Exploits](https://awesome-repositories.com/f/security-cryptography/identity-access-management/identity-management/user-management/user-profile-management/email-address-management/csrf-email-change-exploits.md) — Documents CSRF exploitation techniques to change victim email addresses and hijack accounts. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Account%20Takeover.md))
- [Stolen Token Reuse Exploits](https://awesome-repositories.com/f/security-cryptography/jwt-generation/oauth-token-exchanges/stolen-token-reuse-exploits.md) — Documents a specific OAuth attack where stolen tokens are reused to authenticate without re-authorization. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/OAuth%20Misconfiguration.md))
- [Rate Limit Bypass for 2FA](https://awesome-repositories.com/f/security-cryptography/multi-factor-authentication-bypass-testing/rate-limit-bypass-for-2fa.md) — Documents rate limit bypass techniques for brute-forcing two-factor authentication codes. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Account%20Takeover.md))
- [Expired 2FA Code Reuse](https://awesome-repositories.com/f/security-cryptography/multi-factor-authentication-bypass-testing/rate-limit-bypass-for-2fa/expired-2fa-code-reuse.md) — Documents a specific 2FA bypass technique where expired verification codes are reused. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%202FA.md))
- [Response Tampering Bypasses](https://awesome-repositories.com/f/security-cryptography/multi-factor-authentication-bypass-testing/response-tampering-bypasses.md) — Documents techniques for modifying server responses to bypass restrictions like two-factor authentication. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Business%20Logic%20Errors.md))
- [Case Mutation XSS Bypasses](https://awesome-repositories.com/f/security-cryptography/network-infrastructure-security/web-network-security/web-application-firewalls/waf-bypass-payloads/case-mutation-xss-bypasses.md) — Documents case mutation techniques to bypass WAF rules and deliver cross-site scripting attacks. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Scripting.md))
- [Authorization Code Reuse Exploits](https://awesome-repositories.com/f/security-cryptography/oauth-2-0-authorization-flows/authorization-code-reuse-exploits.md) — Documents a specific OAuth attack where authorization codes are captured and replayed to hijack sessions. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/OAuth%20Misconfiguration.md))
- [Encoding-Based Filter Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/payload-encoders/encoding-based-filter-bypass-techniques.md) — Documents techniques for bypassing input filters through encoding. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Remote%20File%20Inclusion.md))
- [Injection IDOR Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/permission-systems/wildcard/injection-idor-bypass-techniques.md) — Documents techniques for bypassing IDOR protections through wildcard injection. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Insecure%20Direct%20Object%20References.md))
- [Rate Abuse Techniques](https://awesome-repositories.com/f/security-cryptography/rate-limiting-abuse-prevention/rate-abuse-techniques.md) — Documents techniques for overwhelming servers by exploiting missing rate limiting to cause denial of service. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Denial%20Of%20Service.md))
- [Encoding-Based Bypasses](https://awesome-repositories.com/f/security-cryptography/redirect-validation/encoding-based-bypasses.md) — Documents encoding-based techniques to bypass redirect validation filters in web applications. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Open%20Redirect.md))
- [Content Manipulation IDOR Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/remote-access-management/content-access-controllers/content-manipulation-idor-bypass-techniques.md) — Documents techniques for bypassing IDOR protections through content manipulation. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Insecure%20Direct%20Object%20References.md))
- [Encoding-Based XSS Bypasses](https://awesome-repositories.com/f/security-cryptography/security/offensive-operations/vulnerability-research-analysis/injection-exploitation-techniques/filter-bypasses/encoding-based-xss-bypasses.md) — Documents encoding techniques to bypass input sanitization and execute cross-site scripting attacks. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Scripting.md))
- [RFI Parameter Filter Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/security/offensive-operations/vulnerability-research-analysis/injection-exploitation-techniques/filter-bypasses/rfi-parameter-filter-bypass-techniques.md) — Documents techniques for bypassing input filters on remote file inclusion parameters. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Remote%20File%20Inclusion.md))
- [Reflected File Download Exploits](https://awesome-repositories.com/f/security-cryptography/security/policies/host-resource-access/file-system-access-controls/file-download-permissions/reflected-file-download-exploits.md) — Documents reflected file download attacks via malicious URL construction. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Reflected%20File%20Download.md))
- [Path Manipulation IDOR Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/security/policies/host-resource-access/file-system-access-controls/path-access-restrictions/path-manipulation-idor-bypass-techniques.md) — Documents techniques for bypassing IDOR protections through path manipulation. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Insecure%20Direct%20Object%20References.md))
- [Case Manipulation Bypasses](https://awesome-repositories.com/f/security-cryptography/security/utilities/wordlist-generators/case-transformations/case-manipulation-bypasses.md) — Documents case manipulation techniques to bypass access control rules in web applications. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20403.md))
- [Server-Side Include Injections](https://awesome-repositories.com/f/security-cryptography/server-side-include-injections.md) — Documents server-side include injection techniques for executing commands and reading files. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Server-Side Include Injection](https://awesome-repositories.com/f/security-cryptography/server-side-template-injection-detection/server-side-include-injection.md) — Documents injecting server-side include directives for file inclusion and command execution. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Server%20Side%20Include%20Injection.md))
- [Security Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/session-token-refreshers/session-persistence/security-bypass-techniques.md) — Documents techniques for maintaining sessions after security changes to bypass authentication upgrades.
- [Source Code Exposure Techniques](https://awesome-repositories.com/f/security-cryptography/source-code-vulnerability-scanning/source-code-exposure-techniques.md) — Documents techniques for exposing source code via misconfigurations as part of bug bounty reconnaissance. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Token Pattern Analyzers](https://awesome-repositories.com/f/security-cryptography/token-generation/token-pattern-analyzers.md) — Provides techniques for analyzing password reset token generation patterns to predict or forge valid tokens. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Checklist/Forgot%20Password.md))
- [URL Obfuscators](https://awesome-repositories.com/f/security-cryptography/traffic-obfuscation/url-obfuscators.md) — Documents URL obfuscation techniques using special characters to evade access control checks. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20403.md))
- [2FA Code Reuse Exploits](https://awesome-repositories.com/f/security-cryptography/user-account-management/2fa-code-reuse-exploits.md) — Documents a specific 2FA bypass technique where codes are reused across different user accounts. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%202FA.md))
- [IDOR in Password Changes](https://awesome-repositories.com/f/security-cryptography/user-account-management/password-resets/idor-in-password-changes.md) — Documents IDOR exploitation in password change endpoints to reset other users' passwords. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Account%20Takeover.md))
- [IDOR Password Change Exploits](https://awesome-repositories.com/f/security-cryptography/user-account-management/password-resets/idor-password-change-exploits.md) — Documents IDOR exploitation techniques to reset other users' passwords without authorization. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Account%20Takeover.md))
- [NoSQL-Based Username Enumeration](https://awesome-repositories.com/f/security-cryptography/username-enumerations/nosql-based-username-enumeration.md) — Provides techniques for enumerating valid usernames using NoSQL injection operators. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/NoSQL%20Injection.md))
- [Session Persistence Bypasses](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/authentication-bypass-techniques/session-hijacking/session-persistence-bypasses.md) — Documents session persistence bypass techniques for maintaining access after 2FA is enabled. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%202FA.md))
- [Blind NoSQL Injection Tests](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/injection-payloads/nosql/blind-nosql-injection-tests.md) — Provides techniques for detecting blind NoSQL injection through time delays and response analysis. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/NoSQL%20Injection.md))
- [Parameter Pollution in Password Resets](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/authentication-session-flaws/password-reset-vulnerabilities/parameter-pollution-in-password-resets.md) — Documents parameter pollution in password reset flows to bypass validation. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Checklist/Forgot%20Password.md))
- [Reset Code Brute Forcing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/authentication-session-flaws/password-reset-vulnerabilities/reset-code-brute-forcing.md) — Covers techniques for brute-forcing password reset codes to hijack user accounts. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Checklist/Forgot%20Password.md))
- [OAuth State Validation Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/web-session-management/session-state-validation/oauth-state-validation-bypass-techniques.md) — Documents techniques for bypassing OAuth state validation. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/OAuth%20Misconfiguration.md))

### Part of an Awesome List

- [Bug Bounty Resources](https://awesome-repositories.com/f/awesome-lists/learning/bug-bounty-resources.md) — Provides a curated collection of bug bounty techniques and payloads for security testing.
- [Reconnaissance Techniques](https://awesome-repositories.com/f/awesome-lists/learning/bug-bounty-resources/reconnaissance-techniques.md) — Provides reconnaissance techniques for mapping attack surfaces in bug bounty programs.
- [Attack Payloads and Wordlists](https://awesome-repositories.com/f/awesome-lists/security/attack-payloads-and-wordlists.md) — Compiles attack payloads for testing web application security controls and filters.
- [CAPTCHA Solving](https://awesome-repositories.com/f/awesome-lists/security/captcha-solving.md) — Covers techniques for automating the solving of CAPTCHA challenges during security testing. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Cross Site Request Forgery](https://awesome-repositories.com/f/awesome-lists/security/cross-site-request-forgery.md) — Ships a comprehensive collection of CSRF exploitation techniques and payloads for web application testing.
- [CSRF Protection Tools](https://awesome-repositories.com/f/awesome-lists/security/csrf-protection-tools.md) — Provides techniques for bypassing CSRF protection by removing or reusing tokens. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Request%20Forgery.md))
- [File Inclusion](https://awesome-repositories.com/f/awesome-lists/security/file-inclusion.md) — Provides a curated set of file inclusion payloads and techniques for exploiting LFI and RFI vulnerabilities.
- [Insecure Direct Object References](https://awesome-repositories.com/f/awesome-lists/security/insecure-direct-object-references.md) — Provides techniques for exploiting insecure direct object references to access unauthorized resources. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Open Redirect](https://awesome-repositories.com/f/awesome-lists/security/open-redirect.md) — Covers injection of crafted values into redirect parameters to bypass domain whitelists. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Open%20Redirect.md))
- [Reconnaissance and Dorking](https://awesome-repositories.com/f/awesome-lists/security/reconnaissance-and-dorking.md) — Provides reconnaissance techniques for mapping attack surfaces using dorking and scanning. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Reconnaissance and Mapping](https://awesome-repositories.com/f/awesome-lists/security/reconnaissance-and-mapping.md) — Provides guidance on identifying and enumerating in-scope targets and assets for bug bounty programs. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Server Side Request Forgery](https://awesome-repositories.com/f/awesome-lists/security/server-side-request-forgery.md) — Covers forging server-side requests to bypass firewalls and access internal services. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [SQL Injection](https://awesome-repositories.com/f/awesome-lists/security/sql-injection.md) — Provides a comprehensive collection of SQL injection payloads and exploitation techniques. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Web Cache Poisoning](https://awesome-repositories.com/f/awesome-lists/security/web-cache-poisoning.md) — Provides techniques for poisoning web caches by manipulating unkeyed headers. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Web%20Cache%20Poisoning.md))
- [Cache Deception Techniques](https://awesome-repositories.com/f/awesome-lists/security/web-cache-poisoning/cache-deception-techniques.md) — Documents techniques for deceiving web caches to expose sensitive information or serve malicious content. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Header Injection Exploitations](https://awesome-repositories.com/f/awesome-lists/security/web-cache-poisoning/header-injection-exploitations.md) — Documents techniques for injecting HTTP headers to corrupt web caches and serve malicious content.
- [Unkeyed Header Manipulations](https://awesome-repositories.com/f/awesome-lists/security/web-cache-poisoning/unkeyed-header-manipulations.md) — Provides a curated collection of techniques for exploiting unkeyed HTTP headers to poison web caches.
- [Chained Unkeyed Header Exploits](https://awesome-repositories.com/f/awesome-lists/security/web-cache-poisoning/unkeyed-header-manipulations/chained-unkeyed-header-exploits.md) — Provides techniques for chaining unkeyed headers to poison web caches and redirect users. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Web%20Cache%20Poisoning.md))
- [HTML Context XSS Payloads](https://awesome-repositories.com/f/awesome-lists/security/xss-injection/html-context-xss-payloads.md) — Documents XSS injection techniques specifically for HTML context, including tag and attribute escaping. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Scripting.md))
- [JavaScript Context XSS Payloads](https://awesome-repositories.com/f/awesome-lists/security/xss-injection/javascript-context-xss-payloads.md) — Documents XSS injection techniques specifically for JavaScript context, including string and code block escaping. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Scripting.md))
- [GitHub Dorking Techniques](https://awesome-repositories.com/f/awesome-lists/devtools/github-clients/github-dorking-techniques.md) — Documents techniques for using GitHub search queries to discover exposed secrets and sensitive data. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [CRLF Injection](https://awesome-repositories.com/f/awesome-lists/security/crlf-injection.md) — Documents CRLF injection techniques for manipulating HTTP responses and splitting requests. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/CRLF%20Injection.md))
- [Header Injection](https://awesome-repositories.com/f/awesome-lists/security/header-injection.md) — Documents header injection techniques for manipulating server-side behavior and cache poisoning. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Host%20Header%20Injection.md))
- [Email Header Injection in Reset Flows](https://awesome-repositories.com/f/awesome-lists/security/header-injection/email-header-injection-in-reset-flows.md) — Documents injecting CC headers in password reset requests to intercept reset links. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Checklist/Forgot%20Password.md))
- [OAuth Open Redirect Exploits](https://awesome-repositories.com/f/awesome-lists/security/open-redirect/oauth-open-redirect-exploits.md) — Documents open redirect exploitation in OAuth flows for token exfiltration. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/OAuth%20Misconfiguration.md))
- [Default Credential Databases](https://awesome-repositories.com/f/awesome-lists/security/security-references/default-credential-databases.md) — Includes methods for testing default credentials as part of security assessment workflows. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Default%20Credentials.md))
- [Access Control Bypass via Cache Poisoning](https://awesome-repositories.com/f/awesome-lists/security/web-cache-poisoning/access-control-bypass-via-cache-poisoning.md) — Documents web cache poisoning techniques to bypass access controls and serve forbidden content. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20403.md))
- [Denial of Service Techniques](https://awesome-repositories.com/f/awesome-lists/security/web-cache-poisoning/denial-of-service-techniques.md) — Documents techniques for poisoning caches with malformed headers to deny service to legitimate users. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Denial%20Of%20Service.md))
- [Semicolon Injection Exploits](https://awesome-repositories.com/f/awesome-lists/security/web-cache-poisoning/header-injection-exploitations/semicolon-injection-exploits.md) — Documents semicolon injection to bypass cache rules and cache private responses. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Web%20Cache%20Deception.md))

### Content Management & Publishing

- [Cache Poisoning Exploits](https://awesome-repositories.com/f/content-management-publishing/q-a-content-strategies/cache-poisoning-exploits.md) — Provides techniques for exploiting web cache poisoning via unkeyed headers and host manipulation. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Web%20Cache%20Poisoning.md))

### Data & Databases

- [Injection-Based Content Extraction](https://awesome-repositories.com/f/data-databases/database-content-querying/injection-based-content-extraction.md) — Documents extracting database content through SQL injection techniques for bug bounty testing. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/SQL%20Injection.md))
- [Schema Enumeration via Injection](https://awesome-repositories.com/f/data-databases/column-value-extraction/schema-enumeration-via-injection.md) — Documents enumerating database schemas through injection techniques for targeted exploitation. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/SQL%20Injection.md))
- [NoSQL Injection Automation Tools](https://awesome-repositories.com/f/data-databases/database-enumeration-tools/nosql-injection-automation-tools.md) — Provides automated tools for exploiting NoSQL injection vulnerabilities in web applications. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/NoSQL%20Injection.md))
- [Cache Deception Exploits](https://awesome-repositories.com/f/data-databases/key-value-stores/append-only-log-stores/cache-deception-exploits.md) — Documents cache deception via extension appending to expose private responses. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Web%20Cache%20Deception.md))
- [Cache Slot Seizure Exploits](https://awesome-repositories.com/f/data-databases/performance-caching-systems/page-caching-controls/http-cache-headers/cache-slot-seizure-exploits.md) — Documents a specific web cache poisoning technique where cache slots are hijacked via host header injection. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Web%20Cache%20Poisoning.md))

### Development Tools & Productivity

- [Exposed VCS Directory Detection](https://awesome-repositories.com/f/development-tools-productivity/dynamic-configuration-providers/dynamic-provider-registration/device-capability-registrations/remote-capability-querying/vcs-metadata-querying/exposed-vcs-directory-detection.md) — Provides techniques for detecting exposed version control directories that leak source code. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Exposed%20Source%20Code.md))
- [Database](https://awesome-repositories.com/f/development-tools-productivity/shell-command-execution/database.md) — Provides techniques for executing operating system commands through database shell features. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/SQL%20Injection.md))
- [Server-Side Include Exploits](https://awesome-repositories.com/f/development-tools-productivity/shell-command-execution/server-side-include-exploits.md) — Documents SSI injection techniques for executing shell commands on vulnerable servers. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Server%20Side%20Include%20Injection.md))

### DevOps & Infrastructure

- [Rate Limit Bypassing](https://awesome-repositories.com/f/devops-infrastructure/api-service-management/api-management/rate-limit-bypassing.md) — Documents techniques for circumventing request rate limits to perform brute-force or denial-of-service attacks. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [PHP Wrapper Command Execution](https://awesome-repositories.com/f/devops-infrastructure/remote-command-execution/php-wrapper-command-execution.md) — Documents techniques for executing remote commands via PHP wrappers in file inclusion vulnerabilities. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Local%20File%20Inclusion.md))
- [Header-Based Rate Limit Bypass Techniques](https://awesome-repositories.com/f/devops-infrastructure/api-service-management/api-management/rate-limit-bypassing/header-based-rate-limit-bypass-techniques.md) — Documents techniques for bypassing rate limits using header manipulation. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20429.md))
- [Missing Rate Limit Exploitation for 2FA](https://awesome-repositories.com/f/devops-infrastructure/api-service-management/api-management/rate-limit-bypassing/missing-rate-limit-exploitation-for-2fa.md) — Documents exploitation of missing rate limits on two-factor authentication endpoints. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Account%20Takeover.md))
- [Payload Manipulation Bypasses](https://awesome-repositories.com/f/devops-infrastructure/api-service-management/api-management/rate-limit-bypassing/payload-manipulation-bypasses.md) — Documents payload manipulation techniques to evade rate-limit detection in web applications. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20429.md))
- [Request Variation Bypasses](https://awesome-repositories.com/f/devops-infrastructure/api-service-management/api-management/rate-limit-bypassing/request-variation-bypasses.md) — Documents request variation techniques to evade rate-limit detection in web applications. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20429.md))
- [2FA Code Extraction](https://awesome-repositories.com/f/devops-infrastructure/response-parsing-utilities/json-response-parsers/2fa-code-extraction.md) — Documents extracting 2FA codes from server responses as a method to bypass authentication. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%202FA.md))

### Networking & Communication

- [Remote File Inclusion Exploits](https://awesome-repositories.com/f/networking-communication/remote-file-downloads/remote-file-inclusion-exploits.md) — Documents remote file inclusion techniques for executing arbitrary code on vulnerable servers. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Encoded Address Bypasses](https://awesome-repositories.com/f/networking-communication/network-reliability-diagnostics/network-filtering/ip-address-filters/encoded-address-bypasses.md) — Documents encoded address techniques to bypass SSRF filters in web applications. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Server%20Side%20Request%20Forgery.md))

### Artificial Intelligence & ML

- [Account Re-registration Exploits](https://awesome-repositories.com/f/artificial-intelligence-ml/agentic-systems-frameworks/agent-orchestration-multi-agent/security-and-auth/authentication-strategies/passwords-mfa/password-re-authentication/account-re-registration-exploits.md) — Documents a specific account takeover technique via re-registration with a victim's email. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Account%20Takeover.md))

### Business & Productivity Software

- [Delivery Charge Tampering](https://awesome-repositories.com/f/business-productivity-software/fixed-charges/delivery-charge-tampering.md) — Documents techniques for tampering with delivery charge parameters to reduce or eliminate payment amounts. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Business%20Logic%20Errors.md))
- [Logic Abuse Techniques](https://awesome-repositories.com/f/business-productivity-software/promotional-coupon-systems/logic-abuse-techniques.md) — Documents techniques for abusing coupon code logic to apply discounts beyond intended limits. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Business%20Logic%20Errors.md))
- [Logic Abuse Techniques](https://awesome-repositories.com/f/business-productivity-software/refund-processing-engines/logic-abuse-techniques.md) — Documents techniques for abusing refund logic to retain access or obtain multiple refunds. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Business%20Logic%20Errors.md))

### Web Development

- [Directory Traversal Exploits](https://awesome-repositories.com/f/web-development/api-management-tools/api-development-management/web-apis/file-reading/directory-traversal-exploits.md) — Documents methods for reading arbitrary server files through directory traversal in file inclusion parameters. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Local%20File%20Inclusion.md))
- [Parameter Injection IDOR Bypass Techniques](https://awesome-repositories.com/f/web-development/api-management-tools/api-request-handling/request-parameter-modifiers/parameter-injection-idor-bypass-techniques.md) — Documents techniques for bypassing IDOR protections through parameter injection. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Insecure%20Direct%20Object%20References.md))
- [Open Redirect Exploits](https://awesome-repositories.com/f/web-development/external-site-redirections/open-redirect-exploits.md) — Documents methods for exploiting open redirect vulnerabilities to redirect users to malicious sites. ([source](https://cdn.jsdelivr.net/gh/daffainfo/allaboutbugbounty@master/README.md))
- [Access Control Bypass Encodings](https://awesome-repositories.com/f/web-development/url-encoding-libraries/access-control-bypass-encodings.md) — Documents URL encoding techniques to bypass access control checks in web applications. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20403.md))
- [URL Parsing Trick Bypasses](https://awesome-repositories.com/f/web-development/url-routing/redirection-rules/geographic-redirection/url-redirections/url-parsing-trick-bypasses.md) — Documents URL parsing trick techniques to bypass redirect filters in web applications. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Open%20Redirect.md))
- [Domain Filter Bypass Techniques](https://awesome-repositories.com/f/web-development/url-routing/redirection-rules/redirect-resolvers/redirect-bypassers/domain-filter-bypass-techniques.md) — Documents techniques for bypassing domain filters in open redirect vulnerabilities. ([source](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Open%20Redirect.md))
