BugBountyTraining


Learn and share

View tutorials & posts from other researchers and start applying what you learn in researchers challenges. Use our platform to share your knowledge with others.

Test your skills

Try user-submitted challenges and see if you can successfully find the bugs, or brush up on your coding skills and create your own for others!


| Difficulty | Challenge Title | Created By | Started | Ends In |
|---|---|---|---|---|
| Medium/hard | Hack The Admin Panel Challenge | rakeshmane | 44 days ago | 14 days left |
| Medium | Can you get the flag from this browser extension? | palant | 30 days ago | Ends today! |
| Medium | Can you add yourself to the hall of fame? | zseano | 12 days ago | 18 days left |

| Difficulty | Challenge Title | Created By | Ended On |
|---|---|---|---|
| Easy | Find the vulnerable parameter and try beat the XSS filter! | zseano | 2018-10-10 |
| Easy | This developer didn't realise people could view the HTML source. What can you find? | zseano | 2018-10-10 |
| Medium/hard | There's cross site request forgery (CSRF) protection, but how good is it? | zseano | 2018-10-10 |
| Easy/medium | Can you bypass the Open URL redirect filter? | zseano | 2018-10-27 |
| Medium | Blind testing - debug mode | zseano | 2018-10-27 |
| Medium/hard | This strict URL filter should prevent XSS, right? | filedescriptor | 2018-10-27 |
| Medium/hard | Can you find the flag via SQL injection? | noob | 2018-10-27 |
| Medium | Exploiting a static page | palant | 2018-11-27 |
| Easy/medium | Our redirect blacklist is top-notch, right? | ebelties | 2018-11-27 |
| Easy | A properly secured parameter | palant | 2018-11-27 |
| Medium/hard | Steal teh token! | structhack | 2018-11-27 |
| Medium/hard | An unusual XSS | harisec | 2018-12-10 |
| Hard | Try out my Screenshotter.PRO browser extension! | palant | 2018-12-10 |
| Medium/hard | Can you XSS when redirecting? | rakeshmane | 2018-12-10 |



Learning Resources

warlord3112 shared How I gained Access to sony's Database — posted on 2018-11-28
warlord3112 shared How I Hacking Oracle in 5 Minutes — posted on 2018-11-28
slawbra shared New technique to find Blind-XSS — posted on 2018-11-20
janijay007 shared Privilege Escalation like a Boss — posted on 2018-11-14
iamthere shared 3 Minutes & XSS! — posted on 2018-11-09

NEW! How to perform the static analysis of website source code with the browser — the beginner's bug bounty hunters guide

In this guide I am going to show you how to use web browser built-in tools to investigate web application client-side source code.

Shared by: bl4de
Category: WebApp

NEW! ZSeanos Methods on Recon

I released a guide on basic recon. Now I've upgraded my methods, and in this tutorial I share methods of how you can find leads to identifying bugs.

Shared by: zseano
Category: WebApp

IDOR.. the roads less travelled

IDORs (Insecure Direct Object References) are everywhere if you know where to look. In this tutorial we discuss various areas I've found them and what to do when you think you've found one.

Shared by: zseano
Category: WebApp

XSS and getting the alert..

WAFs and XSS filters can sometimes pose a problem, but don't fear, as methods to bypass are available. In this tutorial we look into some things you can try.

Shared by: zseano
Category: WebApp

Bypassing CSRF protection

Cross Site Request Forgery protection can sometimes be bypassed. In this tutorial I give an example of a site-wide CSRF issue, and things you can try to get a CSRF bypass.

Shared by: zseano
Category: WebApp

Rate limits and bypassing them

Rate limiting can be considered critical based on what you're attacking. In this tutorial we discuss various techniques for bypassing rate limits.

Shared by: zseano
Category: WebApp

Open Url Redirects

Open URL redirects are always considered as "low impact", but can we really turn an open URL redirect into a $2500 payout? Let's dive into the world of open URL redirects and everything about them.

Shared by: zseano
Category: WebApp