Real-World-Bug-Hunting.pdf

(4181 KB) Download
Download from www.finelybook.com 7450911@qq.com
Contents in Detail

1. Cover Page
2. Title Page
3. Copyright Page
4. About the Author
5. About the Technical Reviewer
6. Brief Contents
7. Contents in Detail
8. Foreword by Michiel Prins and Jobert Abma
9. Acknowledgments
10. Introduction
    1. Who Should Read This Book
    2. How to Read This Book
    3. What’s in This Book
    4. A Disclaimer About Hacking
11. 1 Bug Bounty Basics
    1. Vulnerabilities and Bug Bounties
    2. Client and Server
    3. What Happens When You Visit a Website
    4. HTTP Requests
    5. Summary
12. 2 Open Redirect
    1. How Open Redirects Work
    2. Shopify Theme Install Open Redirect
    3. Shopify Login Open Redirect
    4. HackerOne Interstitial Redirect
    5. Summary
13. 3 HTTP Parameter Pollution
    1. Server-Side HPP
    2. Client-Side HPP
    3. HackerOne Social Sharing Buttons
    4. Twitter Unsubscribe Notifications
    5. Twitter Web Intents
    6. Summary
14. 4 Cross-Site Request Forgery
    1. Authentication
    2. CSRF with GET Requests
    3. CSRF with POST Requests
    4. Defenses Against CSRF Attacks
    5. Shopify Twitter Disconnect
    6. Change Users Instacart Zones
    7. Badoo Full Account Takeover
    8. Summary
15. 5 HTML Injection and Content Spoofing
    1. Coinbase Comment Injection Through Character Encoding
    2. HackerOne Unintended HTML Inclusion
    3. HackerOne Unintended HTML Include Fix Bypass
    4. Within Security Content Spoofing
    5. Summary
16. 6 Carriage Return Line Feed Injection
    1. HTTP Request Smuggling
    2. v.shopify.com Response Splitting
    3. Twitter HTTP Response Splitting
    4. Summary
17. 7 Cross-Site Scripting
    1. Types of XSS
    2. Shopify Wholesale
    3. Shopify Currency Formatting
    4. Yahoo! Mail Stored XSS
    5. Google Image Search
    6. Google Tag Manager Stored XSS
    7. United Airlines XSS
    8. Summary
18. 8 Template Injection
    1. Server-Side Template Injections
    2. Client-Side Template Injections
    3. Uber AngularJS Template Injection
    4. Uber Flask Jinja2 Template Injection
    5. Rails Dynamic Render
    6. Unikrn Smarty Template Injection
    7. Summary
19. 9 SQL Injection
    1. SQL Databases
    2. Countermeasures Against SQLi
    3. Yahoo! Sports Blind SQLi
    4. Uber Blind SQLi
    5. Drupal SQLi
    6. Summary
20. 10 Server-Side Request Forgery
    1. Demonstrating the Impact of Server-Side Request Forgery
    2. Invoking GET vs. POST Requests
    3. Performing Blind SSRFs
    4. Attacking Users with SSRF Responses
    5. ESEA SSRF and Querying AWS Metadata
    6. Google Internal DNS SSRF
    7. Internal Port Scanning Using Webhooks
    8. Summary
21. 11 XML External Entity
    1. eXtensible Markup Language
    2. How XXE Attacks Work
    3. Read Access to Google
    4. Facebook XXE with Microsoft Word
    5. Wikiloc XXE
    6. Summary
22. 12 Remote Code Execution
    1. Executing Shell Commands
    2. Executing Functions
    3. Strategies for Escalating Remote Code Execution
    4. Polyvore ImageMagick
    5. Algolia RCE on facebooksearch.algolia.com
    6. RCE Through SSH
    7. Summary
23. 13 Memory Vulnerabilities