Bug Bounty Course Content

Cyber Zone Technologies

2020
Priority OWASP Top Ten + Bugcrowd Extras Specific Vulnerability Name Variant or Affected Function

P1
Server Security Misconfiguration Using Default Credentials
Server-Side Injection File Inclusion Local
Server-Side Injection Remote Code Execution (RCE)

Server-Side Injection SQL Injection

Server-Side Injection XML External Entity Injection (XXE)

Broken Authentication and Session Management Authentication Bypass

Sensitive Data Exposure Critically Sensitive Data Password Disclosure

Sensitive Data Exposure Critically Sensitive Data Private API Keys

Insecure OS/Firmware Command Injection

Insecure OS/Firmware Hardcoded Password Privileged User

Broken Cryptography Cryptographic Flaw Incorrect Usage

P2
Server Security Misconfiguration Misconfigured DNS High Impact Sub domain Takeover
Server Security Misconfiguration OAuth Misconfiguration Account Takeover

Cross-Site Scripting (XSS) Stored Non-Privileged User to Anyone

Broken Access Control (BAC) Server-Side Request Forgery (SSRF) Internal High Impact
Cross-Site Request Forgery (CSRF) Application-Wide
Application-Level Denial-of-Service (DoS) Critical Impact and/or Easy Difficulty

P3 Server Security Misconfiguration

Server-Side Injection
Mail Server Misconfiguration
HTTP Response Manipulation
No Spoofing Protection on Email Domain
Response Splitting (CRLF) Server-Side Injection

Content Spoofing iframe Injection

Broken Authentication and Session Management
Broken Authentication and Session Management
Broken Authentication and Session Management
Sensitive Data Exposure
Cross-Site Scripting (XSS)
Second Factor Authentication (2FA) Bypass
Weak Login Function HTTPS not Available or HTTP by Default
Session Fixation Remote Attack Vector
EXIF Geolocation Data Not Stripped From Uploaded Images Automatic User Enumeration
Stored Privileged User to Privilege Elevation
Priority OWASP Top Ten + Bugcrowd Extras
Cross-Site Scripting (XSS)
P3 Cross-Site Scripting (XSS)
Broken Access Control (BAC)
Application-Level Denial-of-Service (DoS)
Client-Side Injection
P4 Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server-Side Injection
Server-Side Injection
Broken Authentication and Session Management
Broken Authentication and Session Management
Broken Authentication and Session Management
Broken Authentication and Session Management
Broken Authentication and Session Management
Broken Authentication and Session Management
Broken Authentication and Session Management
Sensitive Data Exposure
Sensitive Data Exposure
Specific Vulnerability Name Variant or Affected Function
Stored CSRF/URL-Based
Reflected
Server-Side Request Forgery (SSRF)
Non-Self
Internal Scan and/or Medium Impact
High Impact and/or Medium Difficulty
Binary Planting Default Folder Privilege Escalation
Misconfigured DNS Zone Transfer
Mail Server Misconfiguration Email Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain
Database Management System (DBMS) Misconfiguration Excessively Privileged User / DBA
Lack of Password Confirmation Delete Account
No Rate Limiting on Form Registration
No Rate Limiting on Form Login
No Rate Limiting on Form Email-Triggering
No Rate Limiting on Form SMS-Triggering
Missing Secure or HTTPOnly Cookie Flag Session Token
Clickjacking Sensitive Click-Based Action
CAPTCHA Implementation Vulnerability
Lack of Security Headers Cache-Control for a Sensitive Page
Web Application Firewall (WAF) Bypass Direct Server Access
Content Spoofing External Authentication Injection
Content Spoofing Email HTML Injection
Cleartext Transmission of Session Token
Weak Login Function Other Plaintext Protocol with no Secure Alternative
Weak Login Function LAN Only
Weak Login Function HTTP and HTTPS Available
Failure to Invalidate Session On Logout (Client and Server-Side)
Failure to Invalidate Session On Password Reset and/or Change
Weak Registration Implementation Over HTTP
EXIF Geolocation Data Not Stripped From Uploaded Images Manual User Enumeration
Visible Detailed Error/Debug Page Detailed Server Configuration
Priority OWASP Top Ten + Bugcrowd Extras Specific Vulnerability Name Variant or Affected Function

Sensitive Data Exposure Token Leakage via Referer Untrusted 3rd Party

P4 Sensitive Data Exposure

Sensitive Data Exposure

Token Leakage via Referer

Sensitive Token in URL

Over HTTP

User Facing

Sensitive Data Exposure Weak Password Reset Implementation Password Reset Token Sent Over HTTP

Cross-Site Scripting (XSS) Stored Privileged User to No Privilege Elevation

Cross-Site Scripting (XSS) Flash-Based

Cross-Site Scripting (XSS) IE-Only IE11

Cross-Site Scripting (XSS) Referer
Cross-Site Scripting (XSS) Universal (UXSS)
Cross-Site Scripting (XSS) Off-Domain Data URI

Broken Access Control (BAC) Server-Side Request Forgery (SSRF) External

Broken Access Control (BAC) Username Enumeration Data Leak

Unvalidated Redirects and Forwards Open Redirect GET-Based

Insufficient Security Configurability No Password Policy

Insufficient Security Configurability
Using Components with Known Vulnerabilities
Insecure Data Storage
Insecure Data Storage
Insecure Data Transport
Weak Password Reset Implementation Token is Not Invalidated After Use
Rosetta Flash
Sensitive Application Data Stored Unencrypted On External Storage
Server-Side Credentials Storage Plaintext
Executable Download No Secure Integrity Check

Privacy Concerns Unnecessary Data Collection WiFi SSID+Password Mobile

Security Misconfiguration Clipboard Enabled On Sensitive Content

Server Security Misconfiguration Directory Listing Enabled Non-Sensitive Data Exposure

P5 Server Security Misconfiguration Same-Site Scripting

Server Security Misconfiguration Misconfigured DNS Missing Certification Authority Authorization (CAA) Record
Server Security Misconfiguration Mail Server Misconfiguration Email Spoofing to Spam Folder
Server Security Misconfiguration Mail Server Misconfiguration Missing or Misconfigured SPF and/or DKIM

Server Security Misconfiguration Lack of Password Confirmation Change Email Address

Server Security Misconfiguration Lack of Password Confirmation Change Password

Server Security Misconfiguration Lack of Password Confirmation Manage 2FA
Priority OWASP Top Ten + Bugcrowd Extras
Server Security Misconfiguration
P5
CONTINUED
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Server Security Misconfiguration
Specific Vulnerability Name Variant or Affected Function
Unsafe File Upload No Antivirus
Unsafe File Upload
Unsafe File Upload
No Size Limit
File Extension Filter Bypass
Cookie Scoped to Parent Domain
Missing Secure or HTTPOnly Cookie Flag Non-Session Cookie
Clickjacking Form Input
Clickjacking Non-Sensitive Action
CAPTCHA Brute Force
CAPTCHA Missing
Exposed Admin Portal To Internet
Missing DNSSEC
Fingerprinting/Banner Disclosure
Username Enumeration Brute Force
Potentially Unsafe HTTP Method Enabled OPTIONS
Potentially Unsafe HTTP Method Enabled TRACE
Insecure SSL Lack of Forward Secrecy
Insecure SSL Insecure Cipher Suite
Insecure SSL Certificate Error
Reflected File Download (RFD)
Lack of Security Headers X-Frame-Options
Lack of Security Headers Cache-Control for a Non-Sensitive Page
Lack of Security Headers X-XSS-Protection
Lack of Security Headers Strict-Transport-Security
Lack of Security Headers X-Content-Type-Options
Lack of Security Headers Content-Security-Policy
Lack of Security Headers Public-Key-Pins
Lack of Security Headers X-Content-Security-Policy
Lack of Security Headers X-Webkit-CSP
Lack of Security Headers Content-Security-Policy-Report-Only