Bug bounty tips roundup 20211104

Vulnerability reports

[Flickr, $500] Critical server misconfiguration leads to access to any user's sensitive data, including user email and password
https://hackerone.com/reports/1365738

[GitHub Security Lab] C#: Add query to detect Server Side Request Forgery
https://hackerone.com/reports/1389905

[Node.js, $250] HTTP Request Smuggling due to ignoring chunk extensions
https://hackerone.com/reports/1238099

[Mail.ru] [samokat.ru] PHP modules path disclosure due to lack of error handling
https://hackerone.com/reports/1353244

[Lark Technologies, $7,500] Attacker is able to join any tenant on larksuite and view personal files/chats
https://hackerone.com/reports/1363185

Bug hunting techniques

Sitecore Experience Platform Pre-Auth RCE
https://blog.assetnote.io/2021/11/02/sitecore-rce/

A Technical Analysis of CVE-2021-30864: Bypassing App Sandbox Restrictions
https://perception-point.io/a-technical-analysis-of-cve-2021-30864-bypassing-app-sandbox-restrictions/

Text sourced from 火线 Zone (cloud security community). 安全小天地 only reposts articles; if this infringes your rights, contact the site administrator for removal.
