<?xml version="1.0" encoding="UTF-8"?>
<!-- generator="FeedCreator 1.8" -->
<?xml-stylesheet href="https://wiki.cyberdiary.net/lib/exe/css.php?s=feed" type="text/css"?>
<rdf:RDF
    xmlns="http://purl.org/rss/1.0/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
    xmlns:dc="http://purl.org/dc/elements/1.1/">
    <channel rdf:about="https://wiki.cyberdiary.net/feed.php">
        <title>Cybersecurity - bbc</title>
        <description></description>
        <link>https://wiki.cyberdiary.net/</link>
        <image rdf:resource="https://wiki.cyberdiary.net/lib/exe/fetch.php?media=wiki:dokuwiki.svg" />
       <dc:date>2026-06-28T20:04:15+00:00</dc:date>
        <items>
            <rdf:Seq>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=bbc:01_picking_program&amp;rev=1778749508&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=bbc:02_sustaining_success&amp;rev=1778749508&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=bbc:03_how_internet_works&amp;rev=1778749890&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=bbc:04_env_setup&amp;rev=1778749890&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=bbc:08_clickjacking&amp;rev=1778752117&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=bbc:12_race_conditions&amp;rev=1778770670&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=bbc:14_insecure_deserialization&amp;rev=1778773902&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=bbc:15_xxe&amp;rev=1778773902&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=bbc:16_template_injection&amp;rev=1778781766&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=bbc:17_logic_errors&amp;rev=1778773902&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=bbc:18_rce&amp;rev=1778773902&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=bbc:19_sop&amp;rev=1778781205&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=bbc:20_sso&amp;rev=1778781205&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=bbc:21_info_disclosure&amp;rev=1778781205&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=bbc:22_code_reviews&amp;rev=1778781560&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=bbc:23_android_hacking&amp;rev=1778781560&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=bbc:24_api_hacking&amp;rev=1778781559&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=bbc:25_fuzzing&amp;rev=1778781766&amp;do=diff"/>
            </rdf:Seq>
        </items>
    </channel>
    <image rdf:about="https://wiki.cyberdiary.net/lib/exe/fetch.php?media=wiki:dokuwiki.svg">
        <title>Cybersecurity</title>
        <link>https://wiki.cyberdiary.net/</link>
        <url>https://wiki.cyberdiary.net/lib/exe/fetch.php?media=wiki:dokuwiki.svg</url>
    </image>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=bbc:01_picking_program&amp;rev=1778749508&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T09:05:08+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>01_picking_program</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=bbc:01_picking_program&amp;rev=1778749508&amp;do=diff</link>
        <description>Ch 1: Picking a Bug Bounty Program

Source: Bug Bounty Bootcamp by Vickie Li (No Starch Press, 2021)

Asset Types

Bug bounty programs define scope by listing assets -- the systems you are authorized to test.

	*  Social targets -- Twitter/Facebook/LinkedIn pages. Usually out-of-scope because you can't control what users post.</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=bbc:02_sustaining_success&amp;rev=1778749508&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T09:05:08+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>02_sustaining_success</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=bbc:02_sustaining_success&amp;rev=1778749508&amp;do=diff</link>
        <description>Ch 2: Sustaining Your Success

Source: Bug Bounty Bootcamp by Vickie Li (No Starch Press, 2021)

Writing Good Reports

A report is how you get paid and build reputation. Bad writing = low payouts + duplicates marked invalid.

8-step report structure:</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=bbc:03_how_internet_works&amp;rev=1778749890&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T09:11:30+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>03_how_internet_works</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=bbc:03_how_internet_works&amp;rev=1778749890&amp;do=diff</link>
        <description>Ch 3: How the Internet Works

Source: Bug Bounty Bootcamp by Vickie Li (No Starch Press, 2021)

Client-Server Model

Web apps operate on a client-server model. The client (browser) sends HTTP requests; the server processes them and returns responses.</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=bbc:04_env_setup&amp;rev=1778749890&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T09:11:30+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>04_env_setup</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=bbc:04_env_setup&amp;rev=1778749890&amp;do=diff</link>
        <description>Ch 4: Environmental Setup and Traffic Interception

Source: Bug Bounty Bootcamp by Vickie Li (No Starch Press, 2021)

OS

Use a Unix-based system. Kali Linux is recommended -- it ships with Burp Suite, Gobuster, DirBuster, Wfuzz, and other tools. macOS also works fine.</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=bbc:08_clickjacking&amp;rev=1778752117&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T09:48:37+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>08_clickjacking</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=bbc:08_clickjacking&amp;rev=1778752117&amp;do=diff</link>
        <description>BBC Ch 8: Clickjacking

Source: Bug Bounty Bootcamp by Vickie Li

Clickjacking (user-interface redressing) tricks users into clicking a malicious button that has been made to look legitimate. Attackers use HTML page-overlay techniques to hide one web page within another.</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=bbc:12_race_conditions&amp;rev=1778770670&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T14:57:50+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>12_race_conditions</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=bbc:12_race_conditions&amp;rev=1778770670&amp;do=diff</link>
        <description>BBC Ch 12: Race Conditions

Source: Bug Bounty Bootcamp by Vickie Li

How Race Conditions Work

A race condition occurs when the security of a system depends on the sequence or timing of events, and that sequence can be disrupted by an attacker. Web applications are particularly vulnerable when they perform a check-then-act sequence without atomic locking: the state can change between the check and the act.</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=bbc:14_insecure_deserialization&amp;rev=1778773902&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T15:51:42+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>14_insecure_deserialization</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=bbc:14_insecure_deserialization&amp;rev=1778773902&amp;do=diff</link>
        <description>BBC Ch 14: Insecure Deserialization

Source: Bug Bounty Bootcamp by Vickie Li

Mechanisms

Serialization converts a program object into a format (byte stream or string) suitable for storage or network transfer. Deserialization reconstructs the object. Many languages support this: Java, PHP, Python, Ruby.</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=bbc:15_xxe&amp;rev=1778773902&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T15:51:42+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>15_xxe</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=bbc:15_xxe&amp;rev=1778773902&amp;do=diff</link>
        <description>BBC Ch 15: XML External Entity (XXE)

Source: Bug Bounty Bootcamp by Vickie Li

How XXE Works

XML documents can define external entities via the DOCTYPE tag:
&lt;code xml&gt;
&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
&lt;!DOCTYPE example [
&lt;!ENTITY file SYSTEM &quot;file:///etc/shadow&quot;&gt;</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=bbc:16_template_injection&amp;rev=1778781766&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T18:02:46+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>16_template_injection</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=bbc:16_template_injection&amp;rev=1778781766&amp;do=diff</link>
        <description>BBC Ch 16: Server-Side Template Injection (SSTI)

Source: Bug Bounty Bootcamp by Vickie Li

Template engines (Jinja2, Twig, FreeMarker, ERB, Smarty) combine application data with templates to generate HTML pages. SSTI occurs when user input is concatenated directly into a template string rather than passed in as a safe data variable.</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=bbc:17_logic_errors&amp;rev=1778773902&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T15:51:42+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>17_logic_errors</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=bbc:17_logic_errors&amp;rev=1778773902&amp;do=diff</link>
        <description>BBC Ch 17: Application Logic Errors and Broken Access Control

Source: Bug Bounty Bootcamp by Vickie Li

Unlike injection vulnerabilities, logic errors and broken access control are triggered by perfectly valid HTTP requests. No illegal characters or malformed input are needed.</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=bbc:18_rce&amp;rev=1778773902&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T15:51:42+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>18_rce</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=bbc:18_rce&amp;rev=1778773902&amp;do=diff</link>
        <description>BBC Ch 18: Remote Code Execution (RCE)

Source: Bug Bounty Bootcamp by Vickie Li

RCE lets an attacker execute arbitrary OS commands on the target server. It can be achieved via SQL injection, insecure deserialization, template injection, and two additional vectors covered here: code injection and file inclusion.</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=bbc:19_sop&amp;rev=1778781205&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T17:53:25+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>19_sop</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=bbc:19_sop&amp;rev=1778781205&amp;do=diff</link>
        <description>BBC Ch 19: Same-Origin Policy (SOP) Vulnerabilities

Source: Bug Bounty Bootcamp by Vickie Li

The Same-Origin Policy (SOP) restricts scripts on one origin from reading data from another origin. Two URLs share an origin only if they have the same protocol, hostname, and port. Because browsers automatically attach session cookies to every request for a matching domain, the SOP prevents cross-origin scripts from using those cookies to read private data.</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=bbc:20_sso&amp;rev=1778781205&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T17:53:25+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>20_sso</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=bbc:20_sso&amp;rev=1778781205&amp;do=diff</link>
        <description>BBC Ch 20: Single Sign-On (SSO) Security Issues

Source: Bug Bounty Bootcamp by Vickie Li

SSO lets users log in once and access multiple services. Three common implementations: cookie sharing, SAML, and OAuth. Each has unique vulnerabilities.

Cookie Sharing</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=bbc:21_info_disclosure&amp;rev=1778781205&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T17:53:25+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>21_info_disclosure</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=bbc:21_info_disclosure&amp;rev=1778781205&amp;do=diff</link>
        <description>BBC Ch 21: Information Disclosure

Source: Bug Bounty Bootcamp by Vickie Li

Information disclosure bugs occur when an application exposes data it shouldn't -- version numbers, config files, source code, credentials, internal IPs, or users' private data. These bugs are among the most commonly found during bug bounty hunting.</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=bbc:22_code_reviews&amp;rev=1778781560&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T17:59:20+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>22_code_reviews</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=bbc:22_code_reviews&amp;rev=1778781560&amp;do=diff</link>
        <description>BBC Ch 22: Code Reviews

Source: Bug Bounty Bootcamp by Vickie Li

Source code review is one of the most effective ways to find vulnerabilities. Even partial access to source code (leaked repos, JS files, open-source components) dramatically increases your attack surface visibility.</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=bbc:23_android_hacking&amp;rev=1778781560&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T17:59:20+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>23_android_hacking</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=bbc:23_android_hacking&amp;rev=1778781560&amp;do=diff</link>
        <description>BBC Ch 23: Android Hacking

Source: Bug Bounty Bootcamp by Vickie Li

Android apps communicate with the same backend APIs as web apps. Many web vulnerabilities (IDORs, SQLi, XSS, auth bugs) appear in the mobile surface. Android-specific issues include certificate pinning bypass, hardcoded secrets in APKs, and insecure local storage.</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=bbc:24_api_hacking&amp;rev=1778781559&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T17:59:19+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>24_api_hacking</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=bbc:24_api_hacking&amp;rev=1778781559&amp;do=diff</link>
        <description>BBC Ch 24: API Hacking

Source: Bug Bounty Bootcamp by Vickie Li

APIs are the backbone of modern web and mobile apps. They often expose the same backend logic with fewer protections than the main web interface. Many programs explicitly include API endpoints in scope.</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=bbc:25_fuzzing&amp;rev=1778781766&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T18:02:46+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>25_fuzzing</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=bbc:25_fuzzing&amp;rev=1778781766&amp;do=diff</link>
        <description>BBC Ch 25: Automated Vulnerability Discovery / Fuzzing

Source: Bug Bounty Bootcamp by Vickie Li

Top bug bounty hunters automate the majority of their workflow: continuous recon, automated scanning, and immediate verification when a potential vulnerability is flagged. Fuzzing (fuzz testing) drives a large share of new CVE discoveries and is equally applicable to web applications.</description>
    </item>
</rdf:RDF>
