Web
General
These are just some notes about "WEB" bug bounty. I use to write down stuff which I either learne...
Authentication
Password Reset functionality. For testing multiple email ID: email=victim@tld.xyz&email=victim...
IDOR
API-1-2019: Testing for IDOR/Broken object level authorization. Difficulty: Easy. Tips: Don't bli...
HTTP Parameter poisoning
Different technologies have different ways of accepting the parameter passed. This is because there is no ...
CORS
Cross-origin resource sharing. This can be used to retrieve data from API/websites which shouldn't b...
GraphQL
Kind of similar to SQL, since it's a standard to request and organize data. Usually the endpoi...