Web Hacking 101

8 min read Original article ↗

Kick off your book project in 3 hours! Live workshop on Zoom. You’ll leave with a real book project, progress on your first chapter, and a clear plan to keep going. Saturday, June 6, 2026. Learn more…

How to Make Money Hacking Ethically

You pay

Author earns

About

With a Foreword written by HackerOne Co-Founders Michiel Prins and Jobert Abma, Web Hacking 101 is about the ethical exploration of software for security issues but learning to hack isn't always easy. With few exceptions, existing books are overly technical, only dedicate a single chapter to website vulnerabilies or don't include any real world examples. This book is different.

Using publicly disclosed vulnerabilities, Web Hacking 101 explains common web vulnerabilities and will show you how to start finding vulnerabilities and collecting bounties. With over 30 examples, the book covers topics like:

  • HTML Injection
  • Cross site scripting (XSS)
  • Cross site request forgery (CSRF)
  • Open Redirects
  • Remote Code Execution (RCE)
  • Application Logic
  • and more...

Each example includes a classification of the attack, a report link, the bounty paid, easy to understand description and key takeaways. After reading this book, your eyes will be opened to the wide array of vulnerabilities that exist and you'll likely never look at a website or API the same way.

Share this book

Categories

Feedback

Author

Peter Yaworski

Peter Yaworski is a self-taught developer who started off "developing" websites with Drupal. As he slowly started picking things up, he published YouTube video tutorials to give back to others.

He has since moved on to Rails and Android before developing a keen interest in software security. Right now, he is focused on developing Dailylearns.com, where he is the Lead Developer, and continuing to learn about software development best practices.

You can find his site at www.TorontoWebsiteDeveloper.com or message him on Twitter.

Leanpub Podcast

Episode 40

An Interview with Peter Yaworski

Translations

Testimonials

  • I highly recommend Web Hacking 101. The $10 I paid was more than worth it when I got a $500 bounty from PayPal using examples Pete provided. Combined with the constant updates he provides, which I have access to for life, it's a great buy.

    Danil Gribkov

    @danilgribkov

  • I support Bounty Hunters, #reading Web Hacking 101: How to Make Money Hacking Ethically by @yaworsk #bugbounty - leanpub.com/web-hacking-101 --Twitter

    Jason Haddix

    Father, hacker, Director of Technical Operations @Bugcrowd, blogger, & nerd

  • Want to explore the art and skill of hacking? Try the latest release of @yaworsk's book! --Twitter

    Michiel Prins

    Co-Found of HackerOne

  • Anyone who's interested in web hacking and making money with it, I'd recommend reading this book: leanpub.com/web-hacking-101! #bugbounty --Twitter

    Jobert Abma

    Co-Founder of HackerOne

  • Worth to read (just bought my copy): How to Make Money Hacking Ethically by @yaworsk leanpub.com/web-hacking-101 #bugbounty --Twitter

    Leo Niemelä

    CSO at LocalTapiola Group

  • Awesome book written by @yaworsk. If for some reason you haven't read it yet make sure you do! --Twitter

    Ben Sadeghipour

    Bug Bounty participant. Blogger. Gamer.

  • Real-world case studies that helped me score a $600 "Hack The Pentagon" bounty. This book also gave me the confidence boost I needed to land a high paying job as a security engineer at a top aerospace defense company.

    Jonathan Avery

    Hacker

  • Superb work by @yaworsk in leanpub.com/web-hacking-101 I couldn't recommend it more, awesome writing style, you definitely should get it! --Twitter

    @brutelogic

    Security researcher @sucurisecurity

  • Web hacking 101 is an amazing beginners guide to breaking web applications as a bug bounty hunter. All sections of the book are backed up by references from actual publicly disclosed vulnerabilities. The focus on the unique findings for each category will more than likely teach some new tricks. It is well worth double the asking price.

    Ebrietas

    Pseudo hacker, information security lover, and bug bounty participant

  • I recommend "Web Hacking 101" about bug bounties and web security. Great book. Thank you @yaworsk leanpub.com/web-hacking-101 #bugbounty --Twitter

    Andy Grunwald

    Software Engineer (Site Reliability and Platform Engineering) at @trivago. I solve problems and put things into production.

Contents

1.Foreword

2.Introduction

  1. How It All Started
  2. Just 30 Examples and My First Sale
  3. Who This Book Is Written For
  4. Chapter Overview
  5. Word of Warning and a Favour

3.Background

4.Open Redirect Vulnerabilities

  1. Description
  2. Examples
  3. 1. Shopify Theme Install Open Redirect
  4. 2. Shopify Login Open Redirect
  5. 3. HackerOne Interstitial Redirect
  6. Summary

5.HTTP Parameter Pollution

  1. Description
  2. Examples
  3. 1. HackerOne Social Sharing Buttons
  4. 2. Twitter Unsubscribe Notifications
  5. 3. Twitter Web Intents
  6. Summary

6.Cross-Site Request Forgery

  1. Description
  2. Examples
  3. 1. Shopify Twitter Disconnect
  4. 2. Change Users Instacart Zones
  5. 3. Badoo Full Account Takeover
  6. Summary

7.HTML Injection

  1. Description
  2. Examples
  3. 1. Coinbase Comments
  4. 2. HackerOne Unintended HTML Inclusion
  5. 3. Within Security Content Spoofing
  6. Summary

8.CRLF Injection

  1. Description
  2. 1. Twitter HTTP Response Splitting
  3. 2. v.shopify.com Response Splitting
  4. Summary

9.Cross-Site Scripting

  1. Description
  2. Examples
  3. 1. Shopify Wholesale
  4. 2. Shopify Giftcard Cart
  5. 3. Shopify Currency Formatting
  6. 4. Yahoo Mail Stored XSS
  7. 5. Google Image Search
  8. 6. Google Tagmanager Stored XSS
  9. 7. United Airlines XSS
  10. Summary

10.Template Injection

  1. Description
  2. Server Side Template Injections
  3. Client Side Template Injections
  4. Examples
  5. 1. Uber Angular Template Injection
  6. 2. Uber Template Injection
  7. 3. Rails Dynamic Render
  8. Summary

11.SQL Injection

  1. Description
  2. SQL Databases
  3. Countermeasures Against SQLi
  4. Examples
  5. 1. Drupal SQL Injection
  6. 2. Yahoo Sports Blind SQL
  7. 3. Uber Blind SQLi
  8. Summary

12.Server Side Request Forgery

  1. Description
  2. HTTP Request Location
  3. Invoking GET Versus POST Requests
  4. Blind SSRFs
  5. Leveraging SSRF
  6. Examples
  7. 1. ESEA SSRF and Querying AWS Metadata
  8. 2. Google Internal DNS SSRF
  9. Takeaways
  10. 3. Internal Port Scanning
  11. Takeaways
  12. Summary

13.XML External Entity Vulnerability

  1. Description
  2. Examples
  3. 1. Read Access to Google
  4. 2. Facebook XXE with Word
  5. 3. Wikiloc XXE
  6. Summary

14.Remote Code Execution

  1. Description
  2. Examples
  3. 1. Polyvore ImageMagick
  4. 2. Algolia RCE on facebooksearch.algolia.com
  5. 3. Foobar Smarty Template Injection RCE
  6. Summary

15.Memory

  1. Description
  2. Buffer Overflow
  3. Read out of Bounds
  4. Memory Corruption
  5. Examples
  6. 1. PHP ftp_genlist()
  7. 2. Python Hotshot Module
  8. 3. Libcurl Read Out of Bounds
  9. 4. PHP Memory Corruption
  10. Summary

16.Sub Domain Takeover

  1. Description
  2. Examples
  3. 1. Ubiquiti Sub Domain Takeover
  4. 2. Scan.me Pointing to Zendesk
  5. 3. Shopify Windsor Sub Domain Takeover
  6. 4. Snapchat Fastly Takeover
  7. 5. api.legalrobot.com
  8. 6. Uber SendGrid Mail Takeover
  9. Summary

17.Race Conditions

  1. Description
  2. Examples
  3. 1. Starbucks Race Conditions
  4. 2. Accepting HackerOne Invites Multiple Times
  5. 3. Exceeding Keybase Invitation Limits
  6. 4. HackerOne Payments
  7. Summary

18.Insecure Direct Object References

  1. Description
  2. Examples
  3. 1. Binary.com Privilege Escalation
  4. 2. Moneybird App Creation
  5. 3. Twitter Mopub API Token Stealing
  6. Summary

19.OAuth

  1. Description
  2. Examples
  3. 1. Swiping Facebook Official Access Tokens
  4. 2. Stealing Slack OAuth Tokens
  5. 3. Stealing Google Drive Spreadsheets
  6. Summary

20.Application Logic Vulnerabilities

  1. Description
  2. Examples
  3. 1. Shopify Administrator Privilege Bypass
  4. 2. HackerOne Signal Manipulation
  5. 3. Shopify S3 Buckets Open
  6. 4. HackerOne S3 Buckets Open
  7. 5. Bypassing GitLab Two Factor Authentication
  8. 6. Yahoo PHP Info Disclosure
  9. 7. HackerOne Hacktivity Voting
  10. 8. Accessing PornHub’s Memcache Installation
  11. 9. Bypassing Twitter Account Protections
  12. Summary

21.Getting Started

  1. Reconnaissance
  2. Subdomain Enumeration
  3. Port Scanning
  4. Screenshotting
  5. Content Discovery
  6. Previous Bugs
  7. Testing the Application
  8. The Technology Stack
  9. Functionality Mapping
  10. Finding Vulnerabilities
  11. Going Further
  12. Summary

22.Vulnerability Reports

  1. Read the disclosure guidelines.
  2. Include Details. Then Include More.
  3. Confirm the Vulnerability
  4. Show Respect for the Company
  5. Bounties
  6. Don’t Shout Hello Before Crossing the Pond
  7. Parting Words

23.Tools

  1. Burp Suite
  2. ZAP Proxy
  3. Knockpy
  4. HostileSubBruteforcer
  5. Sublist3r
  6. crt.sh
  7. IPV4info.com
  8. SecLists
  9. XSSHunter
  10. sqlmap
  11. Nmap
  12. Eyewitness
  13. Gowitness
  14. Gobuster
  15. Meg
  16. Shodan
  17. Censys
  18. What CMS
  19. BuiltWith
  20. Nikto
  21. Recon-ng
  22. GitRob
  23. CyberChef
  24. OnlineHashCrack.com
  25. idb
  26. Wireshark
  27. Bucket Finder
  28. Race the Web
  29. Google Dorks
  30. JD GUI
  31. Mobile Security Framework
  32. Ysoserial
  33. Firefox Plugins
  34. FoxyProxy
  35. User Agent Switcher
  36. Firebug
  37. Hackbar
  38. Websecurify
  39. Cookie Manager+
  40. XSS Me
  41. Offsec Exploit-db Search
  42. Wappalyzer

24.Resources

  1. Online Training
  2. Web Application Exploits and Defenses
  3. The Exploit Database
  4. Udacity
  5. Bug Bounty Platforms
  6. Hackerone.com
  7. Bugcrowd.com
  8. Synack.com
  9. Cobalt.io
  10. Video Tutorials
  11. youtube.com/yaworsk1
  12. Seccasts.com
  13. How to Shot Web
  14. Further Reading
  15. OWASP.com
  16. Hackerone.com/hacktivity
  17. https://bugzilla.mozilla.org
  18. Twitter #infosec and #bugbounty
  19. Twitter @disclosedh1
  20. Web Application Hackers Handbook
  21. Bug Hunters Methodology
  22. Recommended Blogs
  23. philippeharewood.com
  24. Philippe’s Facebook Page - www.facebook.com/phwd-113702895386410
  25. fin1te.net
  26. NahamSec.com
  27. blog.it-securityguard.com
  28. blog.innerht.ml
  29. blog.orange.tw
  30. Portswigger Blog
  31. Nvisium Blog
  32. blog.zsec.uk
  33. brutelogic.com.br
  34. lcamtuf.blogspot.ca
  35. Bug Crowd Blog
  36. HackerOne Blog
  37. Cheatsheets

25.Glossary

  1. Black Hat Hacker
  2. Buffer Overflow
  3. Bug Bounty Program
  4. Bug Report
  5. CRLF Injection
  6. Cross Site Request Forgery
  7. Cross Site Scripting
  8. HTML Injection
  9. HTTP Parameter Pollution
  10. HTTP Response Splitting
  11. Memory Corruption
  12. Open Redirect
  13. Penetration Testing
  14. Researchers
  15. Response Team
  16. Responsible Disclosure
  17. Vulnerability
  18. Vulnerability Coordination
  19. Vulnerability Disclosure
  20. White Hat Hacker

26.Appendix A - Take Aways

  1. Open Redirects
  2. HTTP Parameter Pollution
  3. Cross Site Request Forgery
  4. HTML Injection
  5. CRLF Injections
  6. Cross-Site Scripting
  7. SSTI
  8. SQL Injection
  9. Server Side Request Forgery
  10. XML External Entity Vulnerability
  11. Remote Code Execution
  12. Memory
  13. Sub Domain Takeover
  14. Race Conditions
  15. Insecure Direct Object References
  16. OAuth
  17. Application Logic Vulnerabilities

27.Appendix B - Web Hacking 101 Changelog

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earned over $15 million writing, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub