Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Bug Bounty Hunting Essentials Quick-paced guide to help white-hat hackers get through bug bounty programs

Product type Paperback

Published in Nov 2018

Publisher

ISBN-13 9781788626897

Length 270 pages

Edition 1st Edition

Tools

Android

Concepts

Bug Bounty

Authors (2):

Shahmeer Amir

Carlos A. Lozano

View More author details

Table of Contents (15) Chapters

Preface

1. Basics of Bug Bounty Hunting

2. How to Write a Bug Bounty Report FREE CHAPTER

3. SQL Injection Vulnerabilities

4. Cross-Site Request Forgery

5. Application Logic Vulnerabilities

6. Cross-Site Scripting Attacks

7. SQL Injection

8. Open Redirect Vulnerabilities

9. Sub-Domain Takeovers

10. XML External Entity Vulnerability

11. Template Injection

12. Top Bug Bounty Hunting Tools

13. Top Learning Resources

14. Other Books You May Enjoy

Leave a review - let other readers know what you think

SSTI in the wild

We'll review some reported SSTI vulnerabilities; they're using different template engines, so remember the examples we have seen when we read them.

Uber Jinja2 TTSI

On April 6, 2016, a bug bounty hunter named Orange Tsai published an SSTI vulnerability in the Uber application, which used the Flask Jinja2 template engine.

Orange Tsai entered, in the Name field, located in the Profile section in rider.uber.com, these numbers to be evaluated:

{{ '7'*7 }}

When he accepted the change, the application sent an email and, in the email's body, there appeared 7777777, the result:

Also, in the Uber application, the name of the user changed, showing how valid the action was:

So...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (2)

Shahmeer Amir

Shahmeer Amir is ranked as the third most accomplished bug hunter worldwide and has helped more than 400 organizations, including Facebook, Microsoft, Yahoo, and Twitter, resolve critical security issues in their systems. Following his vision of a safer internet, Shahmeer Amir is the founder and CEO of a cyber security start-up in Pakistan, Veiliux, aiming to secure all kinds of organizations. Shahmeer also holds relevant certifications in the field of cyber security from renowned organizations such as EC-Council, Mile2, and ELearn Security. By profession, Shahmeer is an electrical engineer working on different IoT products to make the lives of people easier.

See other products by Shahmeer Amir

Carlos A. Lozano

Carlos A. Lozano is a security consultant with more than 15 years' experience in various security fields. He has worked as a penetration tester, but most of his experience is with security application assessments. He has assessed financial applications, ISC/SCADA systems, and even low-level applications, such as drivers and embedded components. Two years ago, he started on public and private bug bounty programs and focused on web applications, source code review, and reversing projects. Also, Carlos works as Chief Operations Officer at Global CyberSec, an information security firm based in Mexico, with operations in the USA and Chile.

See other products by Carlos A. Lozano