# Bugcrowd slides

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2FyF3iRf305Ibzg9HpeX7O%2Fimage.png?alt=media\&token=941f914c-c68d-4589-a821-a6adca1e60df)

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2FCJRvi0CJqUx2SdGH3KAb%2Fimage.png?alt=media\&token=8b91ffec-fc69-4641-b44b-bf6d77714709)

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2FXlAowyaZwtlvm2I3wduu%2Fimage.png?alt=media\&token=c3465959-3e85-47db-aadd-7b474b12796c)

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2Fj2MSNfTtxHYxAF5ueyFZ%2Fimage.png?alt=media\&token=fdc04018-ae42-4038-b85e-02fe5c83bcfd)

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2FGyt1L3cNFpMUKEQTKYzx%2Fimage.png?alt=media\&token=d18b4ca9-ac61-4e3d-b022-c67b37ec6cea)

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2FxIq6IF2LYAFMQkjdQrWO%2Fimage.png?alt=media\&token=d2a710f8-a30e-4a29-be8f-871711052909)

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2FoOgLbpypnmeLbs6F72pC%2Fimage.png?alt=media\&token=2f851ecd-3fcf-48ec-a839-71fd109c1ab2)

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2Fz8D31192USSRNNSaTbqf%2Fimage.png?alt=media\&token=a0bb277d-eb44-4b72-b3d1-b60561f72dc5)

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2FrOxulkJMjv6EeSG401qy%2Fimage.png?alt=media\&token=3a555753-b276-4ba0-bde4-7f3be91e71d8)

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2FscuvovS5RBFDs9iC2MIc%2Fimage.png?alt=media\&token=cef508b3-ec55-4302-a79d-e2d43ddbd2ff)

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2FtEEFvpGvrtLBqP3u5Sv6%2Fimage.png?alt=media\&token=d3d0776a-012b-4d83-84a2-57b56c2abd42)

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2FdF0hP8UXMB8in1wkgMoR%2Fimage.png?alt=media\&token=df7f8712-2bb6-4b6a-a9ca-951aafa9edaf)

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2F1MSOBOMMsQLxom80EhYH%2Fimage.png?alt=media\&token=0fcc9a70-2939-4dd8-b18c-134a24a186b6)

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2FskMaJPEyP4xYk5Tz61u5%2Fimage.png?alt=media\&token=3b532998-15a0-4de9-bfdc-13d4a81fc277)

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2FZtePgxbBDzK1ieg6ZgWb%2Fimage.png?alt=media\&token=5a98a13e-3dae-42a6-8419-c25272ab7301)

```
// list to focus on
Authentication and authorization
username enumeration
bypass authorization
authentication and authorization

session security - study guide
session hijacking and fixation
cross-site request forgery
session security


 use a HTML encode, from burp suite, in a tab called “decoder improved”, an extender, downloaded from BaP Store.
 
 attack exploring a simple xss reflected, turn this in a stored one and then elevate the impact of the flaw manipulating the session cookies granting sessions rights to another user.
```

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2F3Q1m5osm8Tplk1na21Qf%2Fimage.png?alt=media\&token=d0e20d71-1b02-4a49-b4df-e0160abb1e2a)

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2FVEK9sApoJcoFiHUYOlEJ%2Fimage.png?alt=media\&token=cc57edad-4c25-4544-8095-4442d867c786)