- It is important that you observe the web application even if it's based on a third-party CMS, as in this case; the CMS was WordPress and the main vulnerability was the Formidable plugin
- The original report was very detailed and very descriptive, which helped the team verify the vulnerability very quickly; we should also follow the same approach
- The vulnerability originally was an HTML-stored injection flaw that was chained into an SQL injection vulnerability; a similar approach should be used in other vulnerability replications
- Title Page
- Copyright and Credits
- About Packt
- Contributors
- Preface
- Basics of Bug Bounty Hunting
- How to Write a Bug Bounty Report
- SQL Injection Vulnerabilities
- Cross-Site Request Forgery
- Application Logic Vulnerabilities
- Cross-Site Scripting Attacks
- SQL Injection
- Open Redirect Vulnerabilities
- Sub-Domain Takeovers
- XML External Entity Vulnerability
- Template Injection
- Top Bug Bounty Hunting Tools
- Top Learning Resources
- Other Books You May Enjoy
Key learning from this report
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.