Bug bounty tips roundup 20211021

Vulnerability reports

[Node.js, $250] HTTP Request Smuggling due to accepting space before colon
https://hackerone.com/reports/1238709

[Nextcloud] RCE on 17 different Docker containers on your network
https://hackerone.com/reports/1332433

[Concrete CMS] Arbitrary File delete via PHAR deserialization
https://hackerone.com/reports/921288

Bug hunting tips

How-To: Learn how to write a Burp Suite extension in Kotlin – Setting up
https://blog.yeswehack.com/yeswerhackers/tutorial/how-to-learn-write-burp-suite-extension-kotlin-setting-up/

Bug Bytes #143
https://blog.intigriti.com/2021/10/20/bug-bytes-143-building-an-apache-ssrf-exploit-thesis-on-http-request-smuggling-turbo-intruder-go-brrr

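Text sourced from 火线 Zone, a cloud security community. 安全小天地 only shares articles; in case of infringement, please contact the site administrator for removal.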

