Last updated: 2021-06-10 18:36:23
coverpage
Title Page
About Packt
Why subscribe?
Packt.com
Contributors
About the authors
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
Conventions used
Get in touch
Reviews
Disclaimer
Basics of Bug Bounty Hunting
Bug bounty hunting platforms
HackerOne
Bugcrowd
Cobalt
Synack
Types of bug bounty program
Public programs
Private programs
Bug bounty hunter statistics
Number of vulnerabilities
Number of halls of fame
Reputation points
Signal
Impact
Accuracy
Bug bounty hunting methodology
How to become a bug bounty hunter
Reading books
Practicing what you learned
Reading proof of concepts
Learning from reports
Starting bug bounty hunting
Learning and networking with others
Rules of bug bounty hunting
Targeting the right program
Approaching the target with clarity
Keeping your expectations low
Learning about vulnerabilities
Keeping yourself up-to-date
Automating your vulnerabilities
Gaining experience with bug bounty hunting
Chaining vulnerabilities
Summary
How to Write a Bug Bounty Report
Prerequisites of writing a bug bounty report
Referring to the policy of the program
Mission statement
Participating services
Excluded domains
Reward and qualifications
Eligibility for participation
Conduct guidelines
Nonqualifying vulnerabilities
Commitment to researchers
Salient features of a bug bounty report
Clarity
Depth
Estimation
Respect
Format of a bug bounty report
Writing title of a report
Writing the description of a report
Writing the proof of concept of a report
Writing exploitability of a report
Writing impact of a report
Writing remediation
Responding to the queries of the team
SQL Injection Vulnerabilities
SQL injection
Types of SQL injection vulnerability
In-band SQLi (classic SQLi)
Inferential SQLi (blind SQLi)
Out-of-band SQLi
Goals of an SQL injection attack for bug bounty hunters
Uber SQL injection
Key learning from this report
Grab taxi SQL Injection
Zomato SQL injection
LocalTapiola SQL injection
Cross-Site Request Forgery
Protecting the cookies
Why does the CSRF exist?
GET CSRF
POST CSRF
CSRF-unsafe protections
Secret cookies
Request restrictions
Complex flow