bugbounty技巧聚合20211129

漏洞报告

【MCUboot】private keys exposed on the GitHub repository
https://hackerone.com/reports/1234531

【XVIDEOS】CSRF on delete friend requests – Not protected with CSRF Token
https://hackerone.com/reports/1408745

挖洞技巧

Data Exfiltration via CSS + SVG Font
https://mksben.l0.cm/2021/11/css-exfiltration-svg-font.html

Hunting for buggy authentication/authorization services on github
https://xvnpw.github.io/posts/hunting_for_buggy_authentication_authorization_services_on_github/

Bug bounty methodology V4.0 — Demonstrated
https://medium.com/geekculture/bug-bounty-methodology-v4-0-demonstrated-8e9cb6ed1b12

How to find new/more domains of a company? – Recon Stuff
https://www.cyberick.com/post/how-to-find-new-more-domains-of-a-company-recon-stuff

Introduction To Bash For System Administration and Bug Bounty Hunting
https://medium.com/@daniel.j.hunt/introduction-to-bash-for-system-administration-and-bug-bounty-hunting-6003e16dc87a

New differential fuzzing tool reveals novel HTTP request smuggling techniques
https://portswigger.net/daily-swig/new-differential-fuzzing-tool-reveals-novel-http-request-smuggling-techniques

TP-Link TL-WR840N EU v5 RCE (PoC for CVE-2021-41653)
https://k4m1ll0.com/cve-2021-41653.html

文字来源于- 火线 Zone-云安全社区,安全小天地只做文章分享,如有侵权,请联系站长删除


「渗透云记」公众号里主要记录我每天的所思所想,我会坚持更新质量不错的文章,感兴趣的小伙伴可以扫描下方二维码,谢谢支持! 安全小天地 - 公众号 - 渗透云记
© 版权声明
THE END
喜欢就支持一下吧
点赞8 分享
评论 抢沙发

请登录后发表评论

    请登录后查看评论内容