Book Image

Bug Bounty Hunting Essentials

By : Carlos A. Lozano, Shahmeer Amir
Book Image

Bug Bounty Hunting Essentials

By: Carlos A. Lozano, Shahmeer Amir

Overview of this book

Bug bounty programs are the deals offered by prominent companies where-in any white-hat hacker can find bugs in the applications and they will have a recognition for the same. The number of prominent organizations having this program has increased gradually leading to a lot of opportunity for Ethical Hackers. This book will initially start with introducing you to the concept of Bug Bounty hunting. Then we will dig deeper into concepts of vulnerabilities and analysis such as HTML injection, CRLF injection and so on. Towards the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to be followed. This book will get you started with bug bounty hunting and its fundamentals.
Table of Contents (20 chapters)
Title Page
Copyright and Credits
About Packt
Contributors
Preface
Index

Detection


SSTIs can appear in two different contexts:

  • Plaintext context: It means that you can directly input HTML into the application, for example, in a text editor. Some examples of them are as follows:
smarty=Hello {user.name}
Hello user1 
    
freemarker=Hello ${username}
Hello newuser 
    
any=<b>Hello</b>
<b>Hello<b>
  • Code context: This means that you enter values that are processed by the application and return a result. Some examples of them are as follows:
personal_greeting=username
Hello user01
    
personal_greeting=username<tag>
Hello 
    
personal_greeting=username}}<tag>
Hello user01 <tag>

Usually these kind result in XSS attacks, due to the evaluated input, so, if you enter an alert() function, it will be shown.

Once you detect that there's SSTI, using an invalid input and getting a result, it's important to try to determine which template engine is used. Why? Because despite all of them working in similar ways, they have important differences...