Daily Bug Bounty Writeups by @Piyush Kumawat
This repository contains Bug Bounty writeups
-
💯January 31, 2026 - How to Read a Web App Like a Hacker (Even If You’re Not Technical Yet)
-
💯January 31, 2026 - CyberLessons101: Dockerized CTF Challenge Index.
-
💯January 31, 2026 - When “Draft” Doesn’t Mean Private: Finding an IDOR in an Unpublished Resource
-
💯January 31, 2026 - WhatWeb Guide: Fingerprinting and Recognition for Bug Hunting
-
💯January 30, 2026 - How a Simple “Trust Gap” Logic Flaw Earned Me $200,000 and Inspired a New AI Security Engine
-
💯January 30, 2026 - CSRF: How to trick a website into taking Action on your behalf
-
💯January 30, 2026 - How a “Safe” Analytics Endpoint Leaked Real User Behavior
-
💯January 30, 2026 - The OAuth mechanism and its most common flows
-
💯January 30, 2026 - [PortSwigger][Practitioner] - Lab: CSRF where token is not tied to user session
-
💯January 30, 2026 - Cross-Site Request Forgery (CSRF): A Practical Methodology for Security Testing