Day025

今日重点:

1.Hackerone的新榜单

https://www.hackerone.com/blog/announcing-new-leaderboards-more-ways-engage-compete-and-win

从中国的榜单来看,中国人其实很少,特别是2020年,努力上榜。

https://hackerone.com/leaderboard/country?year=2020&country=CN

2.Latest web hacking tools – Q3 2020

https://portswigger.net/daily-swig/latest-web-hacking-tools-q3-2020

3.HEY.com email stored XSS

https://hackerone.com/reports/982291

漏洞挖掘资料

1.CORS misconfiguration POC Builder

https://tools.honoki.net/cors.html

2.CobaltStrike源码

https://github.com/Freakboy/CobaltStrike

3.burp json插件

https://github.com/synacktiv/burp-jq

4.Extrapolating Adversary Intent Through Infrastructure

https://www.domaintools.com/resources/blog/extrapolating-adversary-intent-through-infrastructure#

5.Talks About bugbountyhunter.com, Recon, Reading Javascript, Getting Started in Bug Bounty

6.Bypassing Restrictions | Website Unblocking | ft. UserAgent | Medium, ETPrime

漏洞报告学习

1.Ticket Trick at https://account.acronis.com

https://hackerone.com/reports/999765

2.漏洞分析 – Apple授权过程的任意账号登录漏洞($100,000)

https://xz.aliyun.com/t/8484

3.从postMessage跨域通信中发现的Facebook DOM XSS

https://www.anquanke.com/post/id/222278

4.SQL LIKE clauses wildcard injection 这个注入需要学习一下

https://hackerone.com/reports/852306

5.DoS on the Direct Messages 猜测是消息DOS

https://hackerone.com/reports/746003

6.Access to multiple production Grafana dashboards 我在想,他是怎么fuzzing的

https://hackerone.com/reports/663628

7.Ticket Trick at https://account.acronis.com 劫持邮件内容

https://hackerone.com/reports/999765

发表评论

Fill in your details below or click an icon to log in:

WordPress.com 徽标

您正在使用您的 WordPress.com 账号评论。 登出 /  更改 )

Google photo

您正在使用您的 Google 账号评论。 登出 /  更改 )

Twitter picture

您正在使用您的 Twitter 账号评论。 登出 /  更改 )

Facebook photo

您正在使用您的 Facebook 账号评论。 登出 /  更改 )

Connecting to %s