Sub-Domain Takeovers | Bug Bounty Hunting Essentials

Sign In Start Free Trial

Book Overview & Buying
Table Of Contents
Feedback & Rating

Bug Bounty Hunting Essentials

By : Shahmeer Amir , Carlos A. Lozano

3.3 (3)

Bug Bounty Hunting Essentials

3.3 (3)

By: Shahmeer Amir , Carlos A. Lozano

Overview of this book

Bug bounty programs are the deals offered by prominent companies where-in any white-hat hacker can find bugs in the applications and they will have a recognition for the same. The number of prominent organizations having this program has increased gradually leading to a lot of opportunity for Ethical Hackers. This book will initially start with introducing you to the concept of Bug Bounty hunting. Then we will dig deeper into concepts of vulnerabilities and analysis such as HTML injection, CRLF injection and so on. Towards the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to be followed. This book will get you started with bug bounty hunting and its fundamentals.

Preface

Preface

Who this book is for

What this book covers

Get in touch

Disclaimer

Free Chapter

Basics of Bug Bounty Hunting

Basics of Bug Bounty Hunting

Bug bounty hunting platforms

Types of bug bounty program

Bug bounty hunter statistics

Bug bounty hunting methodology

How to become a bug bounty hunter

Rules of bug bounty hunting

Summary

How to Write a Bug Bounty Report

How to Write a Bug Bounty Report

Prerequisites of writing a bug bounty report

Salient features of a bug bounty report

Format of a bug bounty report

Responding to the queries of the team

Summary

SQL Injection Vulnerabilities

SQL Injection Vulnerabilities

SQL injection

Types of SQL injection vulnerability

Goals of an SQL injection attack for bug bounty hunters

Uber SQL injection

Grab taxi SQL Injection

Zomato SQL injection

LocalTapiola SQL injection

Summary

Cross-Site Request Forgery

Cross-Site Request Forgery

Protecting the cookies

Why does the CSRF exist?

Detecting and exploiting CSRF

XSS – CSRF's best friend

Cross-domain policies

CSRF in the wild

Summary

Application Logic Vulnerabilities

Application Logic Vulnerabilities

Origins

Following the flow

Application logic vulnerabilities in the wild

Summary

Cross-Site Scripting Attacks

Cross-Site Scripting Attacks

Types of cross-site scripting

How do we detect XSS bugs?

Workflow of an XSS attack

Real bug bounty examples

Summary

SQL Injection

SQL Injection

Origin

Example

Automation

SQL injection in Drupal

Summary

Open Redirect Vulnerabilities

Open Redirect Vulnerabilities

Redirecting to another URL

Constructing URLs

Executing code

URL shorteners

Why do open redirects work?

Detecting and exploiting open redirections

Exploitation

Impact

Black and white lists

Open redirects in the wild

Summary

Sub-Domain Takeovers

Sub-Domain Takeovers

The sub-domain takeover

Internet-wide scans

Exploitation

Mitigation

Sub-domain takeovers in the wild

Summary

XML External Entity Vulnerability

XML External Entity Vulnerability

How XML works

How is an XXE produced?

Detecting and exploiting an XXE

Templates

XXEs in the wild

Summary

Template Injection

Template Injection

What's the problem?

Detection

Exploitation

Mitigation

SSTI in the wild

Summary

Top Bug Bounty Hunting Tools

Top Bug Bounty Hunting Tools

HTTP proxies, requests, responses, and traffic analyzers

Automated vulnerability discovery and exploitation

Recognize

Extensions

Summary

Top Learning Resources

Top Learning Resources

Training

Books and resources

CTFs and wargames

YouTube channels

Social networks and blogs

Meetings and networking

Conferences

Podcasts

Summary

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

3.3 (3)

5 star

33.3%

4 star

0%

3 star

33.3%

2 star

33.3%

1 star

0%

Exploitation

The most important thing about the bug bounty hunter approach is to confirm that the takeover is possible and to then take evidence of that. There are major impacts derived from the sub-domain takeover; they are as follows:

Cookies: If the domain fulatino.com manages a cookie that is valid for that domain, a sub-domain (sub.fulanito.com) can create cookies that are also valid. So, if you create a malicious cookie to exploit an input validation vulnerability or session management error, for example, it will be accepted.
Cross-origin resource sharing: There is protection called same-origin policy, which restricts share resources that do not come from the same domain. However, if you have control of sub.fulanito.com, you can share resources with www.fulanito.com and other sub-domains included in *.fulanito.com, which could lead to a Cross-Site Request Forgery (CSRF) attack.
OAuth whitelisting: Oauth is another form of protection developed to share information about sessions between...

Visually different images

CONTINUE READING

83

Tech Concepts

36

Programming languages

73

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

Bug Bounty Hunting Essentials

Search

Your notes and bookmarks