Complete Bug Bounty Cheat
Sheet
XSS
• https://github.com/EdOverflow/bugbounty-
cheatsheet/blob/master/cheatsheets/xss.md
• https://github.com/ismailtasdelen/xss-payload-list
SQLi
• https://github.com/EdOverflow/bugbounty-
cheatsheet/blob/master/cheatsheets/sqli.md
SSRF
• https://github.com/EdOverflow/bugbounty-
cheatsheet/blob/master/cheatsheets/ssrf.md
• https://github.com/swisskyrepo/PayloadsAllTheThi
ngs/tree/master/Server%20Side%20Request%20Fo
rgery
CRLF
• https://github.com/EdOverflow/bugbounty-
cheatsheet/blob/master/cheatsheets/crlf.md
• https://github.com/swisskyrepo/PayloadsAllTheThi
ngs/tree/master/CRLF%20Injection
CSV-Injection
• https://github.com/EdOverflow/bugbounty-
cheatsheet/blob/master/cheatsheets/csv-
injection.md
• https://github.com/swisskyrepo/PayloadsAllTheThi
ngs/tree/master/CSV%20Injection
Joas Antonio
� Complete Bug Bounty Cheat
Sheet
Command Injection
• https://github.com/swisskyrepo/PayloadsAllTheThi
ngs/tree/master/Command%20Injection
Directory Traversal
• https://github.com/swisskyrepo/PayloadsAllTheThi
ngs/tree/master/Directory%20Traversal
LFI
• https://github.com/EdOverflow/bugbounty-
cheatsheet/blob/master/cheatsheets/lfi.md
• https://github.com/swisskyrepo/PayloadsAllTheThi
ngs/tree/master/File%20Inclusion
XXE
• https://github.com/EdOverflow/bugbounty-
cheatsheet/blob/master/cheatsheets/xxe.md
Joas Antonio
� Complete Bug Bounty Cheat
Sheet
Open-Redirect
• https://github.com/EdOverflow/bugbounty-
cheatsheet/blob/master/cheatsheets/open-redirect.md
RCE
• https://github.com/EdOverflow/bugbounty-
cheatsheet/blob/master/cheatsheets/rce.md
Crypto
• https://github.com/EdOverflow/bugbounty-
cheatsheet/blob/master/cheatsheets/crypto.md
Template Injection
• https://github.com/EdOverflow/bugbounty-
cheatsheet/blob/master/cheatsheets/template-
injection.md
• https://github.com/swisskyrepo/PayloadsAllTheThings/t
ree/master/Server%20Side%20Template%20Injection
XSLT
• https://github.com/EdOverflow/bugbounty-
cheatsheet/blob/master/cheatsheets/xslt.md
Content Injection
• https://github.com/EdOverflow/bugbounty-
cheatsheet/blob/master/cheatsheets/content-
injection.md
Joas Antonio
� Complete Bug Bounty Cheat
Sheet
• LDAP Injection
https://github.com/swisskyrepo/PayloadsAllTheThin
gs/tree/master/LDAP%20Injection
• NoSQL Injection
https://github.com/swisskyrepo/PayloadsAllTheThin
gs/tree/master/NoSQL%20Injection
• CSRF Injection
https://github.com/swisskyrepo/PayloadsAllTheThin
gs/tree/master/CSRF%20Injection
• GraphQL Injection
https://github.com/swisskyrepo/PayloadsAllTheThin
gs/tree/master/GraphQL%20Injection
• IDOR
https://github.com/swisskyrepo/PayloadsAllTheThin
gs/tree/master/Insecure%20Direct%20Object%20Re
ferences
Joas Antonio
� Complete Bug Bounty Cheat
Sheet
• ISCM
https://github.com/swisskyrepo/PayloadsAllTheThin
gs/tree/master/Insecure%20Source%20Code%20Ma
nagement
LaTex Injection
• https://github.com/swisskyrepo/PayloadsAllTheThi
ngs/tree/master/LaTeX%20Injection
OAuth
• https://github.com/swisskyrepo/PayloadsAllTheThi
ngs/tree/master/OAuth
XPATH Injection
• https://github.com/swisskyrepo/PayloadsAllTheThi
ngs/tree/master/XPATH%20Injection
Bypass Upload Tricky
• https://github.com/swisskyrepo/PayloadsAllTheThi
ngs/tree/master/Upload%20Insecure%20Files
Joas Antonio
