Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Free Learning

You're reading from Bug Bounty Hunting Essentials Quick-paced guide to help white-hat hackers get through bug bounty programs

Product type Paperback

Published in Nov 2018

Publisher

ISBN-13 9781788626897

Length 270 pages

Edition 1st Edition

Tools

Android

Concepts

Bug Bounty

Authors (2):

Shahmeer Amir

Carlos A. Lozano

View More author details

Table of Contents (15) Chapters

Preface

1. Basics of Bug Bounty Hunting FREE CHAPTER

2. How to Write a Bug Bounty Report

3. SQL Injection Vulnerabilities

4. Cross-Site Request Forgery

5. Application Logic Vulnerabilities

6. Cross-Site Scripting Attacks

7. SQL Injection

8. Open Redirect Vulnerabilities

9. Sub-Domain Takeovers

10. XML External Entity Vulnerability

11. Template Injection

12. Top Bug Bounty Hunting Tools

13. Top Learning Resources

14. Other Books You May Enjoy

Leave a review - let other readers know what you think

Uber SQL injection

Title: SQL injection on sctrack.email.uber.com.cn.
Reported by: Orange.
Bounty Rewarded: $4,000.
Web application URL: http://sctrack.email.uber.com.cn.
Description: Uber is a famous ride-hailing server; it is one of the biggest in the world and is used in a number of cities around the world by people who want to move from one place to another. The reporter in this case, who is Orange Tsai, a famous bug bounty hunter, traveled to China and called an Uber. Uber sends marketing emails to riders based on their location; now. like any rider. the first thing to do is to unsubscribe from that email. That is what Orange did, but bug bounty hunters have keen eyes; Orange observed that the unsubscribe link that he received in China was different from the one he received in normal circumstances. Reviewing the original report, the URL looked something like this: http...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (2)

Shahmeer Amir

Shahmeer Amir is ranked as the third most accomplished bug hunter worldwide and has helped more than 400 organizations, including Facebook, Microsoft, Yahoo, and Twitter, resolve critical security issues in their systems. Following his vision of a safer internet, Shahmeer Amir is the founder and CEO of a cyber security start-up in Pakistan, Veiliux, aiming to secure all kinds of organizations. Shahmeer also holds relevant certifications in the field of cyber security from renowned organizations such as EC-Council, Mile2, and ELearn Security. By profession, Shahmeer is an electrical engineer working on different IoT products to make the lives of people easier.

See other products by Shahmeer Amir

Carlos A. Lozano

Carlos A. Lozano is a security consultant with more than 15 years' experience in various security fields. He has worked as a penetration tester, but most of his experience is with security application assessments. He has assessed financial applications, ISC/SCADA systems, and even low-level applications, such as drivers and embedded components. Two years ago, he started on public and private bug bounty programs and focused on web applications, source code review, and reversing projects. Also, Carlos works as Chief Operations Officer at Global CyberSec, an information security firm based in Mexico, with operations in the USA and Chile.

See other products by Carlos A. Lozano