hunt-misc

## Crown Jewel Targets **Why this vuln class pays:** MISC vulnerabilities span access control failures, information disclosure, session/auth logic bugs, and misconfiguration — the categories that consistently produce the highest payouts because they map directly to business impact: data exposure, account takeover, privilege escalation, and infrastructure compromise. **Highest-value targets:** - **SaaS platforms with role hierarchies** (Shopify, GitHub, GitLab) — any boundary between owner/admin/staff/guest is a privilege escalation surface - **Identity/auth flows** — invitation links, password reset, SAML SSO, OAuth token scopes - **Multi-tenant systems** — one tenant touching another tenant's data - **Internal APIs** — LFS endpoints, pre-receive hooks, internal GraphQL/REST that assume caller is trusted - **Domain/DNS management features** — transfer controls, subdomain delegation - **Token/credential management** — PAT scopes, deploy keys, API tokens stored in config fields **Asset types that pay most:** - Core product APIs (not marketing subdomains) - Enterprise/self-hosted editions (GitHub Enterprise, GitLab EE) - Partner/collaborator invitation systems - OAuth app integrations and webhook endpoints --- ## Attack Surface Signals **URL patterns to watch:** ``` /admin/*/transfer /invitations/* /partners/*/accept /api/v*/repos/*/lfs/* /-/settings/integrations/sentry /api/v*/user/installations /hooks/pre-receive/* /reset-password?token= /auth/saml/callback /api/v*/packa...