Book Image

Bug Bounty Hunting Essentials

By : Carlos A. Lozano, Shahmeer Amir
Book Image

Bug Bounty Hunting Essentials

By: Carlos A. Lozano, Shahmeer Amir

Overview of this book

Bug bounty programs are the deals offered by prominent companies where-in any white-hat hacker can find bugs in the applications and they will have a recognition for the same. The number of prominent organizations having this program has increased gradually leading to a lot of opportunity for Ethical Hackers. This book will initially start with introducing you to the concept of Bug Bounty hunting. Then we will dig deeper into concepts of vulnerabilities and analysis such as HTML injection, CRLF injection and so on. Towards the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to be followed. This book will get you started with bug bounty hunting and its fundamentals.
Table of Contents (15 chapters)

Sub-Domain Takeovers

The vulnerability we will be talking about in this chapter is so tricky that it is more like a configuration management error than a vulnerability. However, there are bounty platforms, such as HackerOne, that include it as vulnerability, so it's still worth discussing.

The problem in this case arises when someone registers a new domain to point to another domain. So, we will cover the following topics in the chapter:

  • Sub-domain takeovers
  • Internet-wide scans

In a vulnerability example, the sub domain (hello.domain.com) uses a canoninal name (CNAME) record to point to fulanito.com. A CNAME record is a domain name service (DNS) register, and it allows us to specify an alias for a domain name to a user. For example, if we have the Mexican domain, mitiendita.com.mx, we can create a CNAME register to point it to mitiendita.com.cl using the...