Day031

Today's highlights:

1.Project Resonance Wave 1: Internet-Wide Analysis of Subdomain Takeover

https://redhuntlabs.com/blog/project-resonance-wave-1.html

https://github.com/redhuntlabs/Project-Resonance/tree/master/Wave%201%20-%20Subdomain%20Takeovers

Bug hunting resources

1.Working with Hackers – Ioana Piroska – Visma SecCon 2020

https://redhuntlabs.com/blog/project-resonance-wave-1.html

Vulnerability reports to study

1.IDOR when moving contents at CrowdSignal

https://hackerone.com/reports/915127

2.No Email Checking at Invitation Confirmation Link leads to Account Takeover without User Interaction at CrowdSignal

https://hackerone.com/reports/915110

3.IDOR when editing users leads to Account Takeover without User Interaction at CrowdSignal

https://hackerone.com/reports/915114

4.No Rate Limit when accessing “Password protection” enabled surveys leads to bypassing passwords via “pd-pass_surveyid” cookie

https://hackerone.com/reports/905816

5.Site-wide CSRF at Atavist

https://hackerone.com/reports/951292

6.IDOR leads to Edit Anyone’s Blogs / Websites

https://hackerone.com/reports/974222

7.Stored XSS on app.crowdsignal.com + your-subdomain.survey.fm via Embed Media

https://hackerone.com/reports/920005

8.Stored XSS on https://app.crowdsignal.com/surveys/%5BSurvey-Id%5D/question – Bypass

https://hackerone.com/reports/974271

Hunting tools

DNS tools:

  • viewdns.info
  • dnslytics.com
  • dnsspy.io
  • leafdns.com
  • dnsdumpster.com
  • intodns.com
  • www.zonecut.net/dns
  • xip.io
  • nip.io
  • ptrarchive.com
  • www.whatsmydns.net
  • ceipam.eu/en/dnslookup.php
  • spyse.com/tools/dns-lookup
  • www.buddyns.com/delegation-lab

Search engines for Hackers:

  • censys.io
  • shodan.io
  • viz.greynoise.io
  • zoomeye.org
  • onyphe.io
  • wigle.net
  • intelx.io
  • fofa.so
  • hunter.io
  • zorexeye.com
  • pulsedive.com
  • netograph.io
  • vigilante.pw
  • pipl.com
  • abuse.ch
  • maltiverse.com/search
  • insecam.org

Daily bug hunting statistics

Platform | Vulnerabilities recorded | Bounty
hackerone | 0 | 0
bugcrowd | 0 | 0
