Bug Bounty

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

What would you like to happen?
The sections 4.7.11.1 Testing for Local File Inclusion & 4.7.11.2 Testing for Remote File Inclusion address two attack vectors that are very similar one to the other. Given this situation and the few documentation on the Remote injection one, my proposal would be to merge both in a single section called Testing for File Injection.

Here is a simple template for the default administration password on ZyXEL devices. I tested it only on two different ZyXEL devices, the authentication flow and the resulting page may differ on other models, so it needs more tests.

id: zyxel-default-password

info:
  name: ZyXEL Default Password
  author: wtzu
  severity: high
  tags: zyxel

requests:
  - raw:
      - |

Bug Bounty

Here are 713 public repositories matching this topic...

swisskyrepo / PayloadsAllTheThings

blaCCkHatHacEEkr / PENTESTING-BIBLE

shmilylty / OneForAll

dstotijn / hetty

EdOverflow / bugbounty-cheatsheet

OWASP / wstg

Merge the sections 4.7.11.1 & 4.7.11.2

Merge "Testing_for_Vertical_Bypassing_Authorization_Schema" into

Common Platform Enumeration (CPE) naming schema on information gathering process

j3ssie / Osmedeus

commixproject / commix

KathanP19 / HowToHunt

1N3 / IntruderPayloads

EdOverflow / can-i-take-over-xyz

Discourse hosted subdomain takeover possible?

dwisiswant0 / apkleaks

payloadbox / xss-payload-list

devanshbatham / Awesome-Bugbounty-Writeups

projectdiscovery / nuclei-templates

[nuclei-template] default login ZyXEL

codingo / NoSQLMap

projectdiscovery / httpx

vaib25vicky / awesome-mobile-security

TophantTechnology / ARL

ihebski / DefaultCreds-cheat-sheet

Voorivex / pentest-guide

hahwul / WebHackersWeapons

sa7mon / S3Scanner

six2dez / reconftw

inonshk / 31-days-of-API-Security-Tips

haccer / subjack

hisxo / gitGraber

jaeles-project / jaeles

1N3 / Findsploit

daffainfo / AllAboutBugBounty

Related Topics