The Guide to Finding and Reporting Web Vulnerabilities
About the Author
About the Tech Reviewer
Foreword
Introduction
Who This Book Is For
What Is In This Book
Happy Hacking!
1 Picking a Bug Bounty Program
- The State of the Industry
- Asset Types
- Bug Bounty Platforms
- Scope, Payouts, and Response Times
- Private Programs
- Choosing the Right Program
- A Quick Comparison of Popular Programs
2 Sustaining Your Success
- Writing a Good Report
- Building a Relationship with the Development Team
- Understanding Why You’re Failing
- What to Do When You’re Stuck
- Lastly, a Few Words of Experience
3 How the Internet Works
- The Client-Server Model
- The Domain Name System
- Internet Ports
- HTTP Requests and Responses
- Internet Security Controls
- Learn to Program
4 Environmental Setup and Traffic Interception
- Choosing an Operating System
- Setting Up the Essentials: A Browser and a Proxy
- Using Burp
- A Final Note on . . . Taking Notes
5 Web Hacking Reconnaissance
- Manually Walking Through the Target
- Google Dorking
- Scope Discovery
- Other Sneaky OSINT Techniques
- Tech Stack Fingerprinting
- Writing Your Own Recon Scripts
- A Note on Recon APIs
- Start Hacking!
- Tools Mentioned in This Chapter
6 Cross-Site Scripting
- Mechanisms
- Types of XSS
- Prevention
- Hunting for XSS
- Bypassing XSS Protection
- Escalating the Attack
- Automating XSS Hunting
- Finding Your First XSS!
7 Open Redirects
- Mechanisms
- Prevention
- Hunting for Open Redirects
- Bypassing Open-Redirect Protection
- Escalating the Attack
- Finding Your First Open Redirect!
8 Clickjacking
- Mechanisms
- Prevention
- Hunting for Clickjacking
- Bypassing Protections
- Escalating the Attack
- A Note on Delivering the Clickjacking Payload
- Finding Your First Clickjacking Vulnerability!
9 Cross-Site Request Forgery
- Mechanisms
- Prevention
- Hunting for CSRFs
- Bypassing CSRF Protection
- Escalating the Attack
- Delivering the CSRF Payload
- Finding Your First CSRF!
10 Insecure Direct Object References
- Mechanisms
- Prevention
- Hunting for IDORs
- Bypassing IDOR Protection
- Escalating the Attack
- Automating the Attack
- Finding Your First IDOR!
11 SQL Injection
- Mechanisms
- Prevention
- Hunting for SQL Injections
- Escalating the Attack
- Automating SQL Injections
- Finding Your First SQL Injection!
12 Race Conditions
- Mechanisms
- When a Race Condition Becomes a Vulnerability
- Prevention
- Hunting for Race Conditions
- Escalating Race Conditions
- Finding Your First Race Condition!
13 Server-Side Request Forgery
- Mechanisms
- Prevention
- Hunting for SSRFs
- Bypassing SSRF Protection
- Escalating the Attack
- Finding Your First SSRF!
14 Insecure Deserialization
- Mechanisms
- Prevention
- Hunting for Insecure Deserialization
- Escalating the Attack
- Finding Your First Insecure Deserialization!
15 XML External Entity
- Mechanisms
- Prevention
- Hunting for XXEs
- Escalating the Attack
- More About Data Exfiltration Using XXEs
- Finding Your First XXE!
16 Template Injection
- Mechanisms
- Prevention
- Hunting for Template Injection
- Escalating the Attack
- Automating Template Injection
- Finding Your First Template Injection!
17 Application Logic Errors and Broken Access Control
- Application Logic Errors
- Broken Access Control
- Prevention
- Hunting for Application Logic Errors and Broken Access Control
- Escalating the Attack
- Finding Your First Application Logic Error or Broken Access Control!
18 Remote Code Execution
- Mechanisms
- Prevention
- Hunting for RCEs
- Escalating the Attack
- Bypassing RCE Protection
- Finding Your First RCE!
19 Same-Origin Policy Vulnerabilities
- Mechanisms
- Hunting for SOP Bypasses
- Escalating the Attack
- Finding Your First SOP Bypass Vulnerability!
20 Single-Sign-On Security Issues
- Mechanisms
- Note
- Hunting for Subdomain Takeovers
- Monitoring for Subdomain Takeovers
- Hunting for SAML Vulnerabilities
- Hunting for OAuth Token Theft
- Escalating the Attack
- Finding Your First SSO Bypass!
21 Information Disclosure
- Mechanisms
- Prevention
- Hunting for Information Disclosure
- Escalating the Attack
- Finding Your First Information Disclosure!
22 Conducting Code Reviews
- Note
- White-Box vs. Black-Box Testing
- The Fast Approach: grep Is Your Best Friend
- The Detailed Approach
- Exercise: Spot the Vulnerabilities
23 Hacking Android Apps
- Note
- Setting Up Your Mobile Proxy
- Bypassing Certificate Pinning
- Anatomy of an APK
- Tools to Use
- Hunting for Vulnerabilities
24 API Hacking
- What Are APIs?
- Hunting for API Vulnerabilities
25 Automatic Vulnerability Discovery Using Fuzzers
- What Is Fuzzing?
- How a Web Fuzzer Works
- The Fuzzing Process
- Fuzzing with Wfuzz
- Fuzzing vs. Static Analysis
- Pitfalls of Fuzzing
- Adding to Your Automated Testing Toolkit

文江博客开发文档 Bug Bounty Bootcamp 中文版文章详情

文章来源于网络收集而来，版权归原创者所有，如有侵权请及时联系！

Finding Your First SOP Bypass Vulnerability!

发布于 2024-10-11 20:34:04 字数 1180 浏览 0 评论 0 收藏 0

Go ahead and start looking for your first SOP bypass. To find SOP-bypass vulnerabilities, you will need to understand the SOP relaxation techniques the target is using. You may also want to become familiar with JavaScript in order to craft effective POCs.

请开始寻找您的第一个 SOP 绕过。要发现 SOP 绕过漏洞，您需要了解目标使用的 SOP 放宽技术。您可能还需要熟悉 JavaScript，以制作有效的 POC。

Find out if the application uses any SOP relaxation techniques. Is the application using CORS, postMessage , or JSONP?
If the site is using CORS, test the strength of the CORS allowlist by submitting test Origin headers.
If the site is using postMessage , see if you can send or receive messages as an untrusted site.
If the site is using JSONP, try to embed a script tag on your site and request the sensitive data wrapped in the JSONP payload.
Determine the sensitivity of the information you can steal using the vulnerability, and see if you can do something more.
Submit your bug report to the program!

收藏 0

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

列表为空，暂无数据

我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的隐私政策了解更多相关信息。单击 接受 或继续使用网站，即表示您同意使用 Cookies 和您的相关数据。

原文