bugbounty技巧聚合20211126

漏洞报告

【Traffic Factory】WordPress Plugin Update Confusion at trafficfactory.com
https://hackerone.com/reports/1364851

【Shopify】Sidekiq dashboard exposed at notary.shopifycloud.com
https://hackerone.com/reports/1405673

【Shopify】A non-privileged user may create an admin account in Stocky
https://hackerone.com/reports/1245736

【Shopify】Insufficient session expiration in the com.shopify.ping android app
https://hackerone.com/reports/1172205

挖洞技巧

Enzyme Finance Price Oracle Manipulation Bug Fix Postmortem
https://medium.com/immunefi/enzyme-finance-price-oracle-manipulation-bug-fix-postmortem-4e1f3d4201b5

The InfoSecurity Challenge 2021 Full Writeup: Battle Royale for $30k
https://spaceraccoon.dev/the-infosecurity-challenge-2021-full-writeup-battle-royale-for-30k

Make JDBC Attack Brilliant Again> in HITB Singapore this year. One is MySQL Connector/J XXE, the other is Jython JDBC JNDI injection.
https://github.com/pyn3rd/my-presentation-slide/blob/master/Make_JDBC_Attack_Brilliant_Again_All.pdf

文字来源于- 火线 Zone-云安全社区,安全小天地只做文章分享,如有侵权,请联系站长删除


「渗透云记」公众号里主要记录我每天的所思所想,我会坚持更新质量不错的文章,感兴趣的小伙伴可以扫描下方二维码,谢谢支持! 安全小天地 - 公众号 - 渗透云记
© 版权声明
THE END
喜欢就支持一下吧
点赞9 分享
评论 抢沙发

请登录后发表评论

    请登录后查看评论内容