一、漏洞复现

可以关注的漏洞

hackerone上10个重置密码的漏洞学习

链接： https://www.anugrahsr.me/posts/10-Password-reset-flaws/

准备点Chrome Fuzz的资料

1.Google Chrome WebGL Buffer11::getBufferStorage Code Execution Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1127

2.https://security.googleblog.com/2019/07/chrome-fuzzer-program-update-and-how-to.html

3.https://pentesttools.net/bfuzz-fuzzing-browsers-chrome-firefox/

Fuzz的论文： https://github.com/wcventure/FuzzingPaper

二、子域名接管和XXE

子域名接管

1.https://www.freebuf.com/articles/web/183254.html

2.https://opensource-sec.com/2019/09/30/%E5%AD%90%E5%9F%9F%E5%90%8D%E6%8E%A5%E7%AE%A1%E6%BC%8F%E6%B4%9E/

3.https://xz.aliyun.com/t/4673

4.https://medium.com/@hakluke/how-to-setup-an-automated-sub-domain-takeover-scanner-for-all-bug-bounty-programs-in-5-minutes-3562eb621db3

5.https://0xpatrik.com/takeover-proofs/

6.https://www.mohamedharon.com/

7.https://medium.com/@aishwaryakendle/how-we-hijacked-26-subdomains-9c05c94c7049

8.https://blog.initd.sh/2019/01/subdomain-takeover-explained/

9.https://medium.com/@friendly_/subdomain-takeover-awarded-200-8296f4abe1b0

10.https://medium.com/@thebuckhacker/how-to-do-55-000-subdomain-takeover-in-a-blink-of-an-eye-a94954c3fc75

XXE

hackerone.com/reports/312543

hackerone.com/reports/334488

hackerone .com /reports/347139

hackerone.com/reports/36450

hackerone.com/reports/415501

hackerone.com/reports/486732

三、Rust安全

1.更新了rust-security 的一些信息