GitHub - devanshbatham/Awesome-Bugbounty-Writeups: A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Linking pages

GitHub - trimstray/the-book-of-secret-knowledge: A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more. https://github.com/trimstray/the-book-of-secret-knowledge 278 comments
GitHub - trimstray/the-book-of-secret-knowledge: A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more. https://github.com/trimstray/awesome-ninja-admins 10 comments
GitHub - iLabAcademy/the-book-of-secret-knowledge: A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more. https://github.com/iLabAcademy/the-book-of-secret-knowledge 4 comments

Linked pages

Pwning eBay - How I Dumped eBay Japan's Website Source Code - slashcrypto's page https://slashcrypto.org/2018/11/28/eBay-source-code-leak/ 629 comments
$36k Google App Engine RCE - Ezequiel Pereira https://sites.google.com/site/testsitehacking/-36k-google-app-engine-rce 403 comments
How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) | by Marin Moulinier | Medium https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff 291 comments
Into the Borg – SSRF inside Google production network | OpnSec https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/ 221 comments
Josip Franjković - archived security blog: Race conditions on Facebook, DigitalOcean and others (fixed) http://josipfranjkovic.blogspot.com/2015/04/race-conditions-on-facebook.html 97 comments
How I abused 2FA to maintain persistence after a password change (Google, Microsoft, Instagram, Cloudflare, etc) | by Luke Berner | Medium https://medium.com/@lukeberner/how-i-abused-2fa-to-maintain-persistence-after-a-password-change-google-microsoft-instagram-7e3f455b71a1 95 comments
How I accidentally took down GitHub Actions | Teddy Katz’s Blog https://blog.teddykatz.com/2019/11/12/github-actions-dos.html 90 comments
Stealing Facebook access_tokens using CSRF in device login flow - Josip Franjković https://www.josipfranjkovic.com/blog/hacking-facebook-csrf-device-login-flow 85 comments
How I accidentally found a clickjacking “feature” in Facebook – MalFind https://malfind.com/index.php/2018/12/21/how-i-accidentaly-found-clickjacking-in-facebook/ 43 comments
XSS attacks on Googlebot allow search index manipulation - Tom Anthony https://www.tomanthony.co.uk/blog/xss-attacks-googlebot-index-manipulation/ 40 comments
Poisoning the Well – Compromising GoDaddy Customer Support With Blind XSS – The Hacker Blog https://thehackerblog.com/poisoning-the-well-compromising-godaddy-customer-support-with-blind-xss/ 39 comments
Artsploit: [manager.paypal.com] Remote Code Execution Vulnerability http://artsploit.blogspot.com/2016/01/paypal-rce.html 36 comments
XS-Searching Google’s bug tracker to find out vulnerable source code | by Luan Herrera | Medium https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549 31 comments
Race conditions on the web - Josip Franjković https://www.josipfranjkovic.com/blog/race-conditions-on-web 27 comments
Authentication bypass on Uber’s Single Sign-On via subdomain takeover – Arne Swinnen https://www.arneswinnen.net/2017/06/authentication-bypass-on-ubers-sso-via-subdomain-takeover/ 24 comments
Discovering a zero day and getting code execution on Mozilla's AWS Network – Assetnote https://blog.assetnote.io/bug-bounty/2019/03/19/rce-on-mozilla-zero-day-webpagetest/ 23 comments
Making a Blind SQL Injection a Little Less Blind | by TomNomNom | Medium https://medium.com/@tomnomnom/making-a-blind-sql-injection-a-little-less-blind-428dcb614ba8 23 comments
Clickjacking on Google MyAccount Worth 7,500$ – Apapedulimu https://apapedulimu.click/clickjacking-on-google-myaccount-worth-7500/ 21 comments
https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce/ 16 comments
XSS Vulnerabilities in Multiple iFrame Busters Affecting Top Tier Sites - Randy Westergren https://randywestergren.com/xss-vulnerabilities-in-multiple-iframe-busters-affecting-top-tier-sites/ 16 comments