
HackerOne reports
• Here are links to a very large and useful repository (https://github.com/reddelexc/hackerone-reports) that collects top HackerOne reports. The repo is constantly kept up to date and will help you learn a lot of new and useful things (variants of exploiting various vulnerabilities, attack vectors, etc.).
• Tops 100:
➡Top 100 upvoted reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_100/TOP100UPVOTED.md)
➡Top 100 paid reports. (https://github.com/reddelexc/hackerone-reports/blob/master/tops_100/TOP100PAID.md)
• Tops by bug type:
➡Top XSS reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPXSS.md)
➡Top XXE reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPXXE.md)
➡Top CSRF reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPCSRF.md)
➡Top IDOR reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPIDOR.md)
➡Top RCE reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPRCE.md)
➡Top SQLi reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPSQLI.md)
➡Top SSRF reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPSSRF.md)
➡Top Race Condition reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPRACECONDITION.md)
➡Top Subdomain Takeover reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPSUBDOMAINTAKEOVER.md)
➡Top Open Redirect reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPOPENREDIRECT.md)
➡Top Clickjacking reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPCLICKJACKING.md)
➡Top DoS reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPDOS.md)
➡Top OAuth reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPOAUTH.md)
➡Top Account Takeover reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPACCOUNTTAKEOVER.md)
➡Top Business Logic reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPBUSINESSLOGIC.md)
➡Top REST API reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPAPI.md)
➡Top GraphQL reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPGRAPHQL.md)
➡Top Information Disclosure reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPINFODISCLOSURE.md)
➡Top Web Cache reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPWEBCACHE.md)
➡Top SSTI reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPSSTI.md)
➡Top Upload reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPUPLOAD.md)
➡Top HTTP Request Smuggling reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPREQUESTSMUGGLING.md)
➡Top OpenID reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPOPENID.md)
➡Top Mobile reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPMOBILE.md)
➡Top File Reading reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPFILEREADING.md)
➡Top Authorization Bypass reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPAUTHORIZATION.md)
➡Top Authentication Bypass reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPAUTH.md)
➡Top MFA reports. (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPMFA.md)
• Tops by program:
➡Top Mail.ru reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPMAILRU.md)
➡Top HackerOne reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPHACKERONE.md)
➡Top Shopify reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPSHOPIFY.md)
➡Top Nextcloud reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPNEXTCLOUD.md)
➡Top Twitter reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPTWITTER.md)
➡Top X (formerly Twitter) reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPX(FORMERLYTWITTER).md)
➡Top Uber reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPUBER.md)
➡Top Node.js reports; (https://github.com/reddelexc/hacker...tops_by_program/TOPNODEJSTHIRDPARTYMODULES.md)
➡Top shopify-scripts reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPSHOPIFYSCRIPTS.md)
➡Top Legal Robot reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPLEGALROBOT.md)
➡Top U.S. Dept of Defense reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPUSDEPTOFDEFENSE.md)
➡Top Gratipay reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPGRATIPAY.md)
➡Top Weblate reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPWEBLATE.md)
➡Top VK.com reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPVKCOM.md)
➡Top New Relic reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPNEWRELIC.md)
➡Top LocalTapiola reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPLOCALTAPIOLA.md)
➡Top Zomato reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPZOMATO.md)
➡Top Slack reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPSLACK.md)
➡Top ownCloud reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPOWNCLOUD.md)
➡Top GitLab reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPGITLAB.md)
➡Top Ubiquiti Inc. reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPUBIQUITIINC.md)
➡Top Automattic reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPAUTOMATTIC.md)
➡Top Coinbase reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPCOINBASE.md)
➡Top Verizon Media reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPVERIZONMEDIA.md)
➡Top Starbucks reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPSTARBUCKS.md)
➡Top Paragon Initiative Enterprises reports; (https://github.com/reddelexc/hacker...by_program/TOPPARAGONINITIATIVEENTERPRISES.md)
➡Top PHP (IBB) reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPPHP(IBB).md)
➡Top Brave Software reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPBRAVESOFTWARE.md)
➡Top Vimeo reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPVIMEO.md)
➡Top OLX reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPOLX.md)
➡Top concrete5 reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPCONCRETE5.md)
➡Top Phabricator reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPPHABRICATOR.md)
➡Top Localize reports; (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPLOCALIZE.md)
➡Top Qiwi reports. (https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_program/TOPQIWI.md)