bugbounty技巧聚合20211111

漏洞报告

【New Relic 1,024 USD】Reflected XSS in VPN Appliance
https://hackerone.com/reports/1386438

【Concrete CMS】A bypass of adding remote files in concrete5 FIlemanager leads to remote code execution
https://hackerone.com/reports/1350444

挖洞技巧

Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
https://www.intruder.io/research/practical-http-header-smuggling

Android WebViews use and abuse
https://docs.google.com/presentation/d/18xhCZ4fnC2UC4FZ7w_zEIKfiejckn86JU1RqGxvEhTM/mobilepresent?slide=id.g1006589e594_0_3

挖洞工具

Run all your bug bounty VPN profiles in parallel and expose them via multiple local SOCKS proxies.
https://github.com/honoki/bugbounty-openvpn-socks

文字来源于- 火线 Zone-云安全社区,安全小天地只做文章分享,如有侵权,请联系站长删除


「渗透云记」公众号里主要记录我每天的所思所想,我会坚持更新质量不错的文章,感兴趣的小伙伴可以扫描下方二维码,谢谢支持! 安全小天地 - 公众号 - 渗透云记
© 版权声明
THE END
喜欢就支持一下吧
点赞13 分享
评论 抢沙发

请登录后发表评论

    请登录后查看评论内容