一、权限提升学习

https://gauravnarwani.com/priv-esc-highest-admin…

https://shawarkhan.com/2019/08/leveraging-angularjs-based-xss-to-privilege-escalation.htm

https://link.medium.com/9EK64aZ0p3

https://link.medium.com/i3r0isZ0p3

https://link.medium.com/RaArwKZ0p3

https://link.medium.com/z3lGkZZ0p3

二、学习资料

1.重定向payload

https://gist.github.com/El3ctr0Byt3s/653e0ed37e17297dc0461c87d797a1eb#file-open-redirect-payload

2.移动安全学习资料

https://mobisec.reyammer.io/

3.用GPU加速Fuzzer，可以学习一下

Let’s build a high-performance fuzzer with GPUs!

4.Web漏洞检测表

https://six2dez.gitbook.io/pentest-book/others/web-checklist

三、漏洞分析

1.My first bug on Google

在 Medium.com 上查看

四、工具推荐

1.替代burp的开源工具

https://github.com/dstotijn/hetty

2.go学的fuzz，用来发现xss，可以用来学习

https://github.com/Shivangx01b/BountyIt

五、属性污染

1.视频介绍

2. https://portswigger.net/daily-swig/prototype-pollution-the-dangerous-and-underrated-vulnerability-impacting-javascript-applications

3.https://research.securitum.com/prototype-pollution-and-bypassing-client-side-html-sanitizers/

4.https://github.com/msrkp/PPScan

5.https://blog.p6.is/AST-Injection/