A Very Basic Beginner Bug Bounty Methodology

Thexssrat
3 min read · Dec 21, 2023

Cross-Site Scripting (XSS)

Reflected XSS:

  • Look for parameters and user inputs that are reflected back in the page without proper encoding.
  • Use fuzzing with a list of XSS payloads to test how inputs are sanitized.

Stored XSS:

  • Test all inputs that could be stored and displayed to other users (comments, profiles, etc.).
  • Pay special attention to rich-text fields which may allow HTML content.

DOM-based XSS:

  • Investigate client-side scripts to identify points where user-supplied input may modify the DOM.
  • Use the browser's developer tools to track how JavaScript handles user input.

Cross-Site Request Forgery (CSRF)

Simple CSRF:

  • Check for forms and state-changing requests that do not have CSRF tokens or other anti-CSRF mechanisms.
  • Attempt to craft malicious requests that could be sent from an attacker-controlled site.

SQL Injection

Basic SQL Injection:

  • Input classic payloads like ' OR '1'='1 to…
