Book Image

Bug Bounty Hunting Essentials

By : Carlos A. Lozano, Shahmeer Amir
Book Image

Bug Bounty Hunting Essentials

By: Carlos A. Lozano, Shahmeer Amir

Overview of this book

Bug bounty programs are the deals offered by prominent companies where-in any white-hat hacker can find bugs in the applications and they will have a recognition for the same. The number of prominent organizations having this program has increased gradually leading to a lot of opportunity for Ethical Hackers. This book will initially start with introducing you to the concept of Bug Bounty hunting. Then we will dig deeper into concepts of vulnerabilities and analysis such as HTML injection, CRLF injection and so on. Towards the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to be followed. This book will get you started with bug bounty hunting and its fundamentals.
Table of Contents (15 chapters)

How XML works


If you look at an XML document, you may think that it's similar to HTML documents, because both of them have tags. But no, HTML documents follow a certain set of rules defined by the language. In the case of XML, the rules are defined by the document itself, as in the following example:

<?xml version="1.0" encoding="UTF-8"?> 
<animals> 
<fish> 
<name>Discus</name> 
<location>Brasil/location> 
<danger_extintion="1">Shot the web</danger_extintion> 
</fish> 
</animals> 

You can see that the document itself defined each tag and how to use it, along with the values, and so on. This is the reason why applications such as MS Office use XML to manage their documents in the background.

For example, let's look at a Word document:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> 
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"> 
   <Relationship Id="rId1" Type="http://schemas...