BugBountyTraining


Learn and share

View tutorials & posts from other researchers and start applying what you learn in researchers' challenges. Use our platform to share your knowledge with others.

Test your skills

Try user-submitted challenges and see if you can successfully find the bugs, or brush up on your coding skills and create your own for others!


| Difficulty | Challenge Title | Created By | Started On | Ends On |
|---|---|---|---|---|
| Featured | Spooky Challenge! Use XSS to alert the flag. Shortest submission wins $100 (This challenge is run externally by @BitK_. Prizes are not given by bugbountynotes.) | @BitK_ | 31/10/2018 | 23/11/2018 |
| Medium | Exploiting a static page | palant | 28/10/2018 | 27/11/2018 |
| Easy/medium | Our redirect blacklist is top-notch, right? | ebelties | 28/10/2018 | 27/11/2018 |
| Easy | A properly secured parameter | palant | 28/10/2018 | 27/11/2018 |
| Medium/hard | Steal teh token! | structhack | 28/10/2018 | 27/11/2018 |
| Medium/hard | Hack The Admin Panel Challenge | rakeshmane | 02/11/2018 | 02/12/2018 |
| Medium/hard | An unusual XSS | harisec | 09/11/2018 | 09/12/2018 |
| Hard | Try out my Screenshotter.PRO browser extension! | palant | 09/11/2018 | 09/12/2018 |
| Medium/hard | Can you XSS when redirecting? | rakeshmane | 09/11/2018 | 09/12/2018 |

| Difficulty | Challenge Title | Created By | Ended On |
|---|---|---|---|
| Easy | Find the vulnerable parameter and try beat the XSS filter! | zseano | 10/10/2018 |
| Easy | This developer didn't realise people could view the HTML source. What can you find? | zseano | 10/10/2018 |
| Medium/hard | There's cross site request forgery (CSRF) protection, but how good is it? | zseano | 10/10/2018 |
| Easy/medium | Can you bypass the Open URL redirect filter? | zseano | 27/10/2018 |
| Medium | Blind testing - debug mode | zseano | 27/10/2018 |
| Medium/hard | This strict URL filter should prevent XSS, right? | filedescriptor | 27/10/2018 |
| Medium/hard | Can you find the flag via SQL injection? | noob | 27/10/2018 |



Learning Resources

janijay007 shared Privilege Escalation like a Boss — posted on 2018-11-14
iamthere shared 3 Minutes & XSS! — posted on 2018-11-09
iamthere shared A Five Minute SQL-I — posted on 2018-11-09
slawbra shared Self-XSS CSRF to Stored XSS — posted on 2018-11-09

NEW! How to perform the static analysis of website source code with the browser — the beginner's bug bounty hunters guide

In this guide I am going to show you how to use the web browser's built-in tools to investigate web application client-side source code.

Shared by: bl4de
Category: WebApp

NEW! ZSeanos Methods on Recon

I released a guide on basic recon. Now I've upgraded my methods, and in this tutorial I share methods of how you can find leads to identifying bugs.

Shared by: zseano
Category: WebApp

IDOR.. the roads less travelled

IDORs (Insecure Direct Object References) are everywhere if you know where to look. In this tutorial we discuss various areas where I've found them and what to do when you think you've found one.

Shared by: zseano
Category: WebApp

XSS and getting the alert..

WAFs and XSS filters can sometimes pose a problem, but don't fear, as methods to bypass them are available. In this tutorial we look into some things you can try.

Shared by: zseano
Category: WebApp

Bypassing CSRF protection

Cross Site Request Forgery protection can sometimes be bypassed. In this tutorial I give an example of a site-wide CSRF issue, and things you can try to get a CSRF bypass.

Shared by: zseano
Category: WebApp

Rate limits and bypassing them

Rate limiting can be considered critical based on what you're attacking. In this tutorial we discuss various techniques for bypassing rate limits.

Shared by: zseano
Category: WebApp

Open Url Redirects

Open URL redirects are always considered as "low impact", but can we really turn an open URL redirect into a $2500 payout? Let's dive into the world of open URL redirects and everything about them.

Shared by: zseano
Category: WebApp