bugbounty技巧聚合20211109

漏洞报告

【Shopify 500刀】Senseitive data Related to Shopify Host -> https://shopify.zendesk.com/
https://hackerone.com/reports/1298809

【Shopify 5000刀】Blog posts atom feed of a store with password protection can be accessed by anyone
https://hackerone.com/reports/1256375

【HackerOne 2500刀】Leaked H1’s Employees Email addresses,meeting info on private bug bounty program https://hackerone-hackers.affinity.co/
https://hackerone.com/reports/1285115

挖洞技巧

Taking a quick look at output confusion in Kubernetes with Unicode
https://raesene.github.io/blog/2021/11/06/fun-with-unicode/

CVE-2021-40449
https://kristal-g.github.io/2021/11/05/CVE-2021-40449_POC.html

Client-Side Prototype Pollution
https://github.com/BlackFan/client-side-prototype-pollution/blob/master/README.md

文字来源于- 火线 Zone-云安全社区,安全小天地只做文章分享,如有侵权,请联系站长删除


「渗透云记」公众号里主要记录我每天的所思所想,我会坚持更新质量不错的文章,感兴趣的小伙伴可以扫描下方二维码,谢谢支持! 安全小天地 - 公众号 - 渗透云记
© 版权声明
THE END
喜欢就支持一下吧
点赞14 分享
评论 抢沙发

请登录后发表评论

    请登录后查看评论内容