Bug Bounty Tips Digest 20211123

Vulnerability reports

【Shopify 1,600 USD】Staff who only have apps and channels permission can do a takeover account at the wholesale store (Bypass get invitation link)
https://hackerone.com/reports/1266828

Bug hunting techniques

Intigriti’s November XSS challenge: hacking with Maths and Vuejs.
https://medium.com/@pr0fessor/intigritis-november-xss-challenge-writeup-hacking-with-maths-and-vuejs-by-pr0fessor-d6f02902057

Account Takeover Summary
https://salmonsec.com/cheatsheet/account_takeover

[BugBounty] XSS with Markdown — Exploit & Fix on OpenSource
https://lethanhphuc-pk.medium.com/bugbounty-xss-with-markdown-exploit-fix-on-opensource-1baecebe9645

CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable
https://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable/

Bug hunting tools

ReconFTW update
https://github.com/six2dez/reconftw/releases/tag/v2.1.3

Text sourced from 火线 Zone (cloud security community). 安全小天地 only republishes articles; in case of infringement, please contact the site administrator for removal.

