Index
A
- Acunetix
- Amass
- application-logic vulnerabilities
- origins / Origins, What is the main problem?
- application analysis
- user input / User input
- out-band channels / Out-band channels
- naming conventions / Naming conventions
- technologies used / Keywords related to technologies
- traffic analysis / Analyzing the traffic
- application logic vulnerabilities, flow
- spidering / Following the flow, Spidering
- points of interest / Points of interest
- analysis / Analysis
- Aquatone
- reference / Detecting possibly affected domains
B
- Badstore
- reference / Badstore
- Binary.com vulnerability / Binary.com vulnerability – stealing a user's money
- BlackHat
- reference / BlackHat
- blacklist / Black and white lists
- blikms / Shopify theme install open redirect
- blind SQL injection / Inferential
- blind XSS / Blind XSS
- Boolean-based blind SQL injection / Inferential
- bug bounty
- examples / Real bug bounty examples
- bug bounty courses
- reference / Udemy
- bug bounty hunter
- statistics / Bug bounty hunter statistics
- about / How to become a bug bounty hunter, Learning from reports, Learning and networking with others
- becoming / How to become a bug bounty hunter, Learning from reports, Learning and networking with others
- SQL injection, goals / Goals of an SQL injection attack for bug bounty hunters
- bug bounty hunting
- bug bounty hunting platforms
- about / Bug bounty hunting platforms
- HackerOne /
- Bugcrowd / Bugcrowd
- Cobalt / Cobalt
- Synack / Synack
- bug bounty programs
- types / Types of bug bounty program
- bug bounty report
- writing, pre-requisites / Prerequisites of writing a bug bounty report, Referring to the policy of the program
- features / Salient features of a bug bounty report
- format / Format of a bug bounty report
- BugCON
- reference / BugCON
- BugCrowd
- Burp Suite / Burp Suite
C
- Capture The Flags (CTFs) / CTFs and wargames
- Chaos Communication Congress
- reference / CCC
- CNAME takeovers / CNAME takeovers
- Cobalt / Cobalt
- code
- executing / Executing code
- Code Blue
- reference / Code Blue
- collaborator / Bypassing the Shopify admin authentication
- conferences
- Content Security Policy (CSP) / Embedding unauthorized images in the report
- cookies
- protecting / Protecting the cookies
- Cookies Manager+
- about / Cookies Manager+
- reference / Cookies Manager+
- cross-domain policies
- about / Cross-domain policies
- HTML injection / HTML injection
- JavaScript hijacking / JavaScript hijacking
- Cross-Site Request Forgery (CSRF)
- need for / Why does the CSRF exist?
- GET CSRF / GET CSRF
- POST CSRF / POST CSRF
- detecting / Detecting and exploiting CSRF
- exploiting / Detecting and exploiting CSRF
- problems, avoiding with authentication / Avoiding problems with authentication
- about / Exploitation
- cross-site scripting (XSS)
- CSRF-unsafe protections
- about / CSRF-unsafe protections
- secret cookies / Secret cookies
- request restrictions / Request restrictions
- complex flow / Complex flow
- URL rewriting / URL rewriting
- HTTPS, using / Using HTTPS instead of HTTP
- CSRF more safe protection
- form keys / CSRF – more safe protection
- hashes / CSRF – more safe protection
- view state / CSRF – more safe protection
- refer / CSRF – more safe protection
- tokens / CSRF – more safe protection
- CSRFs bug reported, in bug bounty platforms
- Shopify export installed users / Shopify for exporting installed users
- Shopify Twitter disconnect / Shopify Twitter disconnect
- Badoo full account takeover / Badoo full account takeover
D
- Damn Vulnerable Web Application
- reference / Damn Vulnerable Web Application
- data store / Origin
- DEFCON
- reference / DEFCON
- DEFCON groups
- reference / DEFCON meetings
- DEFCON meetings / DEFCON meetings
- Document Object Model (DOM) / DOM-based XSS
- Document Type Definition (DTD) / How XML works
- DOM-based XSS / DOM-based XSS
E
- Ekoparty
- reference / Ekoparty
- error-based SQLi / In-band SQLi (classic SQLi)
- error-based SQL injections / In-band SQL injection
- examples, bug bounty
- Shopify wholesale / Shopify wholesale
- Shopify Giftcard Cart / Shopify Giftcard Cart
- Shopify currency, formatting / Shopify currency formatting
- Shopify currency formatting / Shopify currency formatting
- Yahoo Mail stored XSS / Yahoo Mail stored XSS
- Google image search / Google image search
- exploitation / Exploitation, Exploitation
- Exploiting Software / Exploiting Software
- Exploit Researcher and Advanced Penetration Tester (GXPN) / GIAC
- Exploitware Labs
- reference / Exploitware Labs
- Extensible Markup Language (XML)
- working / How XML works
- External XML Entity (XXE)
- about / How is an XXE produced?, XXEs in the wild
- detecting / Detecting and exploiting an XXE
- exploiting / Detecting and exploiting an XXE
- read access, to Google / Read access to Google
- Facebook XXE with Word / A Facebook XXE with Word
- Wikiloc XXE / The Wikiloc XXE
F
- Fiddler
- Firebug
- flash-based XSS / Flash-based XSS
- format, bug bounty report
- title, writing / Writing title of a report
- description, writing / Writing the description of a report
- proof of concept, writing / Writing the proof of concept of a report
- exploitability, writing / Writing exploitability of a report
- impact, writing / Writing impact of a report
- remediation, writing / Writing remediation
- Formidable / Grab taxi SQL Injection
- FoxyProxy
- FreeMaker / Twig and FreeMaker
G
- GET CSRF / GET CSRF
- GIAC
- reference / GIAC
- GitLab 2F authentication
- bypassing / Bypassing the GitLab 2F authentication
- Google image search / Google image search
- Grab
- reference / Grab taxi SQL Injection
- Grab taxi SQL Injection
- about / Grab taxi SQL Injection
- key learning / Key learning from this report
H
- H2HC
- reference / H2HC
- HackBar
- Hackerone
- reference / HackeroneXSS
- HackerOne
- about /
- reference / HackerOne
- HackerOne interstitial redirect / HackerOne interstitial redirect
- HackerOne S3 buckets open / HackerOne S3 buckets open
- HackerOne signal manipulation / HackerOne signal manipulation
- HackeroneXSS
- about / HackeroneXSS
- malicious JS, executing / Executing malicious JS
- unauthorized images, embedding / Embedding unauthorized images in the report
- users, redirecting to different website / Redirecting users to a different website
- key learning / Key learning from this report
- Hacking 101
- reference / Hacking 101
- Hack The Box
- reference / Hack The Box
- HostileSubBruteforcer
- about / HostileSubBruteforcer
- reference / HostileSubBruteforcer
- HTML injection / HTML injection
- HTTP proxies / HTTP proxies, requests, responses, and traffic analyzers
- HTTP requests / HTTP proxies, requests, responses, and traffic analyzers
- HTTP responses / HTTP proxies, requests, responses, and traffic analyzers
I
- impacts, sub-domain takeovers
- cookies / Exploitation
- cross-origin resource sharing / Exploitation
- Oauth whitelisting / Exploitation
- intercepting emails / Exploitation
- content security policies / Exploitation
- clickjacking / Exploitation
- password managers / Exploitation
- phishing / Exploitation
- black SEO / Exploitation
- in-band SQL injection
- about / In-band SQLi (classic SQLi)
- error-based SQL injections / In-band SQL injection
- union-based SQL injections / In-band SQL injection
- inferential SQL injections
- about / Inferential SQLi (blind SQLi)
- Boolean-based blind SQL injection / Inferential
- time-based blind SQL injection / Inferential
- InjectorPCA / HackerOne S buckets open
- Internet-wide scans
- about / Internet-wide scans
- possibly affected domains, detecting / Detecting possibly affected domains
- interpreter / Origin
- Intrusion Prevention System (IPS) / Shopify S3 buckets open
J
- JavaScript hijacking / JavaScript hijacking
- juicy bugs / Automated vulnerability discovery and exploitation
K
L
- LiveOverflow
- reference / LiveOverflow
- Local File Inclusions (LFIs) / Mitigation
- LocalTapiola SQL injection
- about / LocalTapiola SQL injection
- key learning / Key learning from this report
M
- 2600 meetings
- reference / 2600 meetings
- mail exchange (MX) record / MX takeovers
- Marko / Marko
- meetings / Meetings and networking
- Metasploitable
- reference / Metasploitable
- mitigation / Mitigation
- MX takeovers / MX takeovers
N
- name server (NS) record / NS takeover
- Nikto
- Nmap
- Nmap Scripting Engine (NSE)
- NS takeover / NS takeover
O
- Offensive Security
- reference / Offensive Security
- Offensive Security Certified Professional (OSCP) / Offensive Security
- Offensive Security Web Expert (OSWE) / Offensive Security
- Olark
- reference / TrelloXSS
- open redirections
- detecting / Detecting and exploiting open redirections
- exploring / Detecting and exploiting open redirections
- open redirects
- about / Why do open redirects work?
- Shopify theme install open redirect / Shopify theme install open redirect
- Shopify login open redirect / Shopify login open redirect
- HackerOne interstitial redirect / HackerOne interstitial redirect
- on Twitter / XSS and open redirect on Twitter
- Facebook / Facebook
- Open Web Application Security Project (OWASP) / OWASP Testing Guide
- out-of-band SQL injection / Out-of-band SQLi, Out-of-band SQL injection
- OWASP meetings / OWASP meetings
- OWASP Testing Guide
- about / OWASP Testing Guide
- reference / OWASP Testing Guide
P
- PaulDotCom
- reference / PaulDotCom
- Penetration Tester (GPEN) / GIAC
- Pen Testing as a Service (PTaaS) / Cobalt
- Philippe Hare Wood
- reference / Philippe Hare Wood
- Platzi
- podcasts
- about / Podcasts
- PaulDotCom / PaulDotCom
- PortSwigger
- reference / Burp Suite, PortSwigger's blog
- POST CSRF / POST CSRF
- proof of concept (POC) / Goals of an SQL injection attack for bug bounty hunters
Q
- quality assurance (QA) methods / What is the main problem?
R
- Recon-ng
- reflected cross-site scripting / Reflected cross-site scripting
- Remote Code Execution (RCE) / What's the problem?
- Repeater / Starbucks race conditions, Burp Suite
- RiskIQ
- reference / CNAME takeovers
- Ruby on Rails (RoR) / Rails dynamic render
S
- salient features, bug bounty report
- clarity / Clarity
- depth / Depth
- estimation / Estimation
- respect / Respect
- same-origin policy / Exploitation
- Scan.me pointing to Zendesk / Scan.me pointing to Zendesk
- scope, bug bounty program
- mission statement / Mission statement
- services, participating / Participating services
- excluded domains / Excluded domains
- reward / Reward and qualifications
- qualifications / Reward and qualifications
- participation eligibility / Eligibility for participation
- conduct guidelines / Conduct guidelines
- non-qualifying vulnerabilities / Nonqualifying vulnerabilities
- researchers commitment / Commitment to researchers
- Self XSS / Self XSS
- Server-Side Template Injection (SSTI)
- about / What's the problem?
- plaintext context / Detection
- code context / Detection
- mitigation / Mitigation
- Shodan
- Shopify admin authentication
- bypassing / Bypassing the Shopify admin authentication
- Shopify currency formatting / Shopify currency formatting
- Shopify Giftcard Cart / Shopify Giftcard Cart
- Shopify login open redirect / Shopify login open redirect
- Shopify S3 buckets open / Shopify S3 buckets open
- Shopify theme install open redirect / Shopify theme install open redirect
- Shopify wholesale / Shopify wholesale
- Shopify XSS
- about / Shopify XSS
- key learning / Key learning from this report
- shorteners / URL shorteners
- Slack
- reference / Slack XSS
- Slack XSS
- about / Slack XSS
- malicious links, embedding / Embedding malicious links to infect other users on Slack
- key learning / Key learning from this report
- Smarty / Smarty
- social networks and blogs
- about / Social networks and blogs
- Exploitware Labs / Exploitware Labs
- Philippe Hare Wood / Philippe Hare Wood
- PortSwigger's blog / PortSwigger's blog
- software development life cycle (SDLC) / Books and resources
- Spider / Spidering, Detecting and exploiting open redirections
- spidering / Spidering
- SQL injection
- about / SQL injection, What is the main problem?
- origin / Origin
- types / Types of SQL injection
- in-band SQL injection / In-band SQL injection
- inferential SQL injection / Inferential
- out-of-band SQL injection / Out-of-band SQL injection
- fundamental exploitation / Fundamental exploitation
- detecting / Detecting and exploiting SQL injection as if tomorrow does not exist
- exploiting / Detecting and exploiting SQL injection as if tomorrow does not exist
- UNION operator / Union
- interaction, with DBMS / Interacting with the DBMS
- security controls, bypassing / Bypassing security controls
- blind exploitation / Blind exploitation
- out-band exploitations / Out-band exploitations
- automating / Automation
- in Drupal / SQL injection in Drupal
- SQL injection attack
- goals, for bug bounty hunter / Goals of an SQL injection attack for bug bounty hunters
- SQL injection bug
- application, testing / Example
- SQL injection vulnerabilities
- sqlmap
- SSTI vulnerabilities
- about / SSTI in the wild
- Uber Jinja2 TTSI / Uber Jinja2 TTSI
- Uber Angular template injection / Uber Angular template injection
- Yahoo SSTI vulnerability / Yahoo SSTI vulnerability
- Rails dynamic render / Rails dynamic render
- Starbucks' sub-domain takeover / Starbucks' sub-domain takeover
- Starbucks race conditions / Starbucks race conditions
- statistics, bug bounty hunter
- number of vulnerabilities / Number of vulnerabilities
- number of halls of fame / Number of halls of fame
- reputation points / Reputation points
- signal / Signal
- impact / Impact
- accuracy / Accuracy
- stored cross-site scripting / Stored cross-site scripting
- sub-domain takeovers
- about / The sub-domain takeover
- CNAME takeovers / CNAME takeovers
- NS takeover / NS takeover
- MX takeovers / MX takeovers
- major impacts / Exploitation
- Ubiquiti sub-domain takeovers / Ubiquiti sub-domain takeovers
- Scan.me pointing to Zendesk / Scan.me pointing to Zendesk
- Starbucks' sub-domain takeover / Starbucks' sub-domain takeover
- Vine's sub-domain takeover / Vine's sub-domain takeover
- Uber's sub-domain takeover / Uber's sub-domain takeover
- Subjack
- reference / Detecting possibly affected domains
- SubOver
- reference / Detecting possibly affected domains
- Synack / Synack
T
- target recognition / Recognize
- team queries
- responding / Responding to the queries of the team
- template engines
- Twig / Twig and FreeMaker
- FreeMaker / Twig and FreeMaker
- Smarty / Smarty
- Marko / Marko
- exploiting / Exploitation
- templates
- used, for exploiting XXE vulnerabilities / Templates
- The Hacker Play Book / The Hacker Play Book
- time-based blind SQL injection / Inferential
- traffic analyzers / HTTP proxies, requests, responses, and traffic analyzers
- training resources
- about / Training
- Platzi / Platzi
- Udemy / Udemy
- GIAC / GIAC
- Offensive Security / Offensive Security
- Trello
- references / TrelloXSS
- TrelloXSS
- about / TrelloXSS
- key learning / Key learning from this report
- Twig / Twig and FreeMaker
- Twitter
- reference / Twitter XSS
- Twitter XSS
- about / Twitter XSS
- key learning / Key learning from this report
- types, bug bounty programs
- public programs / Public programs
- private programs / Private programs
- types, cross-site scripting
- reflected cross-site scripting / Reflected cross-site scripting
- stored cross-site scripting / Stored cross-site scripting
- DOM-based XSS / DOM-based XSS
- blind XSS / Blind XSS
- flash-based XSS / Flash-based XSS
- Self XSS / Self XSS
- types, in-band SQLi (classic SQLi)
- error-based SQLi / In-band SQLi (classic SQLi)
- union-based SQLi / In-band SQLi (classic SQLi)
- types, inferential SQLi (blind SQLi)
- Boolean-based blind SQLi / Inferential SQLi (blind SQLi)
- time-based blind SQLi / Inferential SQLi (blind SQLi)
- types, SQL injection vulnerabilities
- in-band SQLi (classic SQLi) / In-band SQLi (classic SQLi)
- inferential SQLi (blind SQLi) / Inferential SQLi (blind SQLi)
- out-of-band SQLi / Out-of-band SQLi
U
- Uber's sub-domain takeover / Uber's sub-domain takeover
- Uber Angular template injection / Uber Angular template injection
- Uber Jinja2 TTSI / Uber Jinja2 TTSI
- Uber SQL injection
- about / Uber SQL injection
- key learning / Key learning from this report
- Ubiquiti sub-domain takeovers / Ubiquiti sub-domain takeovers
- Udemy / Udemy
- union-based SQLi / In-band SQLi (classic SQLi)
- union-based SQL injections / In-band SQL injection
- URL
- redirecting to / Redirecting to another URL
- constructing / Constructing URLs
- URL shorteners / URL shorteners
- User-Agent Switcher
- reference / User-Agent Switcher
- about / User-Agent Switcher
- uzsunny / Bypassing the Shopify admin authentication
V
- Vine's sub-domain takeover / Vine's sub-domain takeover
W
- wargames
- Hack The Box / Hack The Box
- Damn Vulnerable Web Application / Damn Vulnerable Web Application
- Badstore / Badstore
- Metasploitable / Metasploitable
- Web Application Hacker's Handbook / Web Application Hacker's Handbook
- Web Application Penetration Tester (GWAPT) / GIAC
- Web Hacking Pro Tips
- reference / Web Hacking Pro Tips
- Websecurify
- about / Websecurify (SECAPPS)
- reference / Websecurify (SECAPPS)
- What CMS
- whitelist / Black and white lists
- Wikiloc XXE / The Wikiloc XXE
- Wireshark
- WordPress
- reference / TrelloXSS
X
- XSS attack
- about / XSS – CSRF's best friend
- workflow / Workflow of an XSS attack
- HackeroneXSS / HackeroneXSS
- Slack XSS / Slack XSS
- TrelloXSS / TrelloXSS
- Shopify XSS / Shopify XSS
- Twitter XSS / Twitter XSS
- XSS bugs
- XSS bugs detection
- flow, following / Follow the flow
- input validation controls, avoiding / Avoiding input validation controls
- with common strings / Other common strings
- filters, bypassing with encoding / Bypassing filters using encoding
- filters, bypassing with tag modifiers / Bypassing filters using tag modifiers
- filters, bypassing with dynamic constructed strings / Bypassing filters using dynamic constructed strings
Y
- Yahoo Mail stored XSS / Yahoo Mail stored XSS
- Yahoo PHP info disclosure / Yahoo PHP info disclosure
- Yahoo SSTI vulnerability / Yahoo SSTI vulnerability
- YouTube channels
- about / YouTube channels
- Web Hacking Pro Tips / Web Hacking Pro Tips
- BugCrowd / BugCrowd
- HackerOne / HackerOne
Z
- Zed Attack Proxy (ZAP)
- about / ZAP – Zed Attack Proxy
- reference / ZAP – Zed Attack Proxy
- Zomato
- reference / Zomato SQL injection
- Zomato SQL injection
- about / Zomato SQL injection
- key learning / Key learning from this report