Web Hacking 101: How to Make Money Hacking Ethically.pdf

Table of Contents
Foreword
Introduction
How It All Started
Just 30 Examples and My First Sale
Who This Book Is Written For
Chapter Overview
Word of Warning and a Favour
Background
Open Redirect Vulnerabilities
Description
Examples
1. Shopify Theme Install Open Redirect
2. Shopify Login Open Redirect
3. HackerOne Interstitial Redirect
Summary
HTTP Parameter Pollution
Description
Examples
1. HackerOne Social Sharing Buttons
2. Twitter Unsubscribe Notifications
3. Twitter Web Intents
Summary
Cross-Site Request Forgery
Description
Examples
1. Shopify Twitter Disconnect
2. Change Users Instacart Zones
3. Badoo Full Account Takeover
Summary
HTML Injection
Description
Examples
1. Coinbase Comments
2. HackerOne Unintended HTML Inclusion
3. Within Security Content Spoofing
Summary
CRLF Injection
Description
1. Twitter HTTP Response Splitting
2. v.shopify.com Response Splitting
Summary
Cross-Site Scripting
Description
Examples
1. Shopify Wholesale
2. Shopify Giftcard Cart
3. Shopify Currency Formatting
4. Yahoo Mail Stored XSS
5. Google Image Search
6. Google Tagmanager Stored XSS
7. United Airlines XSS
Summary
Template Injection
Description
Server Side Template Injections
Client Side Template Injections
Examples
1. Uber Angular Template Injection
2. Uber Template Injection
3. Rails Dynamic Render
Summary
SQL Injection
Description
SQL Databases
Countermeasures Against SQLi
Examples
1. Drupal SQL Injection
2. Yahoo Sports Blind SQL
3. Uber Blind SQLi
Summary
Server Side Request Forgery
Description
HTTP Request Location
Invoking GET Versus POST Requests
Blind SSRFs
Leveraging SSRF
Examples
1. ESEA SSRF and Querying AWS Metadata
2. Google Internal DNS SSRF
3. Internal Port Scanning
Summary
XML External Entity Vulnerability
Description
Examples
1. Read Access to Google
2. Facebook XXE with Word
3. Wikiloc XXE
Summary
Remote Code Execution
Description
Examples
1. Polyvore ImageMagick
2. Algolia RCE on facebooksearch.algolia.com
3. Foobar Smarty Template Injection RCE
Summary
Memory
Description
Buffer Overflow
Read out of Bounds
Memory Corruption
Examples
1. PHP ftp_genlist()
2. Python Hotshot Module
3. Libcurl Read Out of Bounds
4. PHP Memory Corruption
Summary
Sub Domain Takeover
Description
Examples
1. Ubiquiti Sub Domain Takeover
2. Scan.me Pointing to Zendesk
3. Shopify Windsor Sub Domain Takeover
4. Snapchat Fastly Takeover
5. api.legalrobot.com
6. Uber SendGrid Mail Takeover
Summary
Race Conditions
Description
Examples
1. Starbucks Race Conditions
2. Accepting HackerOne Invites Multiple Times
3. Exceeding Keybase Invitation Limits
4. HackerOne Payments
Summary
Insecure Direct Object References
Description
Examples
1. Binary.com Privilege Escalation
2. Moneybird App Creation
3. Twitter Mopub API Token Stealing
Summary
OAuth
Description
Examples
1. Swiping Facebook Official Access Tokens
2. Stealing Slack OAuth Tokens
3. Stealing Google Drive Spreadsheets
Summary
Application Logic Vulnerabilities
Description
Examples
1. Shopify Administrator Privilege Bypass
2. HackerOne Signal Manipulation
3. Shopify S3 Buckets Open
4. HackerOne S3 Buckets Open
5. Bypassing GitLab Two Factor Authentication
6. Yahoo PHP Info Disclosure
7. HackerOne Hacktivity Voting
8. Accessing PornHub's Memcache Installation
9. Bypassing Twitter Account Protections
Summary
Getting Started
Reconnaissance
Subdomain Enumeration
Port Scanning
Screenshotting
Content Discovery
Previous Bugs
Testing the Application
The Technology Stack
Functionality Mapping
Finding Vulnerabilities
Going Further
Summary
Vulnerability Reports
Read the disclosure guidelines.
Include Details. Then Include More.
Confirm the Vulnerability
Show Respect for the Company
Bounties
Don't Shout Hello Before Crossing the Pond
Parting Words
Tools
Burp Suite
ZAP Proxy
Knockpy
HostileSubBruteforcer
Sublist3r
crt.sh
IPV4info.com
SecLists
XSSHunter
sqlmap
Nmap
Eyewitness
Gowitness
Gobuster
Meg
Shodan
Censys
What CMS
BuiltWith
Nikto
Recon-ng
GitRob
CyberChef
OnlineHashCrack.com
idb
Wireshark
Bucket Finder
Race the Web
Google Dorks
JD GUI
Mobile Security Framework
Ysoserial
Firefox Plugins
FoxyProxy
User Agent Switcher
Firebug
Hackbar
Websecurify
Cookie Manager+
XSS Me
Offsec Exploit-db Search
Wappalyzer
Resources
Online Training
Web Application Exploits and Defenses
The Exploit Database
Udacity
Bug Bounty Platforms
Hackerone.com
Bugcrowd.com
Synack.com
Cobalt.io
Video Tutorials
youtube.com/yaworsk1
Seccasts.com
How to Shot Web
Further Reading
OWASP.com
Hackerone.com/hacktivity
https://bugzilla.mozilla.org
Twitter #infosec and #bugbounty
Twitter @disclosedh1
Web Application Hackers Handbook
Bug Hunters Methodology
Recommended Blogs
philippeharewood.com
Philippe's Facebook Page - www.facebook.com/phwd-113702895386410
fin1te.net
NahamSec.com
blog.it-securityguard.com
blog.innerht.ml
blog.orange.tw
Portswigger Blog
Nvisium Blog
blog.zsec.uk
brutelogic.com.br
lcamtuf.blogspot.ca
Bug Crowd Blog
HackerOne Blog
Cheatsheets
Glossary
Black Hat Hacker
Buffer Overflow
Bug Bounty Program
Bug Report
CRLF Injection
Cross Site Request Forgery
Cross Site Scripting
HTML Injection
HTTP Parameter Pollution
HTTP Response Splitting
Memory Corruption
Open Redirect
Penetration Testing
Researchers
Response Team
Responsible Disclosure
Vulnerability
Vulnerability Coordination
Vulnerability Disclosure
White Hat Hacker
Appendix A - Take Aways
Open Redirects
HTTP Parameter Pollution
Cross Site Request Forgery
HTML Injection
CRLF Injections
Cross-Site Scripting
SSTI
SQL Injection
Server Side Request Forgery
XML External Entity Vulnerability
Remote Code Execution
Memory
Sub Domain Takeover
Race Conditions
Insecure Direct Object References
OAuth
Application Logic Vulnerabilities
Appendix B - Web Hacking 101 Changelog
Web Hacking 101
How to Make Money Hacking Ethically
Peter Yaworski

This book is for sale at http://leanpub.com/web-hacking-101

This version was published on 2018-11-30

This is a Leanpub book. Leanpub empowers authors and publishers with the Lean Publishing process. Lean Publishing is the act of publishing an in-progress ebook using lightweight tools and many iterations to get reader feedback, pivot until you have the right book and build traction once you do.

© 2015 - 2018 Peter Yaworski
Tweet This Book!

Please help Peter Yaworski by spreading the word about this book on Twitter!

The suggested tweet for this book is:
Can't wait to read Web Hacking 101: How to Make Money Hacking Ethically by @yaworsk #bugbounty

The suggested hashtag for this book is #bugbounty.

Find out what other people are saying about the book by clicking on this link to search for this hashtag on Twitter: #bugbounty
To Andrea and Ellie, thank you for supporting my constant roller coaster of motivation and confidence. Not only would I never have finished this book without you, my journey into hacking never would have even begun.

To the HackerOne team, this book wouldn't be what it is if it were not for you, thank you for all the support, feedback and work that you contributed to make this book more than just an analysis of 30 disclosures.

Lastly, while this book sells for a minimum of $9.99, sales at or above the suggested price of $19.99 help me to keep the minimum price low, so this book remains accessible to people who can't afford to pay more. Those sales also allow me to take time away from hacking to continually add content and make the book better so we can all learn together.

While I wish I could list everyone who has paid more than the minimum to say thank you, the list would be too long and I don't actually know any contact details of buyers unless they reach out to me. However, there is a small group who paid more than the suggested price when making their purchases, which really goes a long way. I'd like to recognize them here. They include:

1. @Ebrietas0
2. Mystery Buyer
3. Mystery Buyer
4. @nahamsec (Ben Sadeghipour)
5. Mystery Buyer
6. @Spam404Online
7. @Danyl0D (Danylo Matviyiv)
8. Mystery Buyer
9. @arneswinnen (Arne Swinnen)

If you should be on this list, please DM me on Twitter.

To everyone who purchased a copy of this, thank you!