Day036

今日重点:

1.Cross-site scripting (XSS) cheat sheet

https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#top

漏洞挖掘资源

1.ImageMagick – Shell injection via PDF password

https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html

2.bypass 403 工具

https://github.com/lobuhi/byp4xx/

3.Tired of Duplicates in Bug Bounty 怎么处理漏洞重复

https://safaras.medium.com/tired-of-duplicates-in-bug-bounty-b34d786fe6a4

4.使用AutomationML实现安全风险

https://www.kitploit.com/2020/11/amlsec-automated-security-risk.html

5.Active-Directory-Exploitation-Cheat-Sheet

https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet

6.Hunting Usernames and Accounts (OSINT)

7.Exposed — Doxers Leaking Their Own Personal Information

漏洞报告学习

1.Blind SSRF in /appsuite/api/oxodocumentfilter&action=addfile

https://hackerone.com/reports/865652

2.一个密码泄露

3.Stealing your Github code with malicious YAML file – Bug Bounty Reports Explained

4.Stored XSS on https://app.crowdsignal.com/surveys/%5BSurvey-Id%5D/question – Bypass

https://hackerone.com/reports/974271

5.IDOR leads to Edit Anyone’s Blogs / Websites

https://hackerone.com/reports/974222

6.Stored XSS on app.crowdsignal.com + your-subdomain.survey.fm via Embed Media

https://hackerone.com/reports/920005

7.一个有趣的漏洞

https://medium.com/@vedanttekale20/story-of-an-interesting-bug-de07fbef4017

发表评论

Fill in your details below or click an icon to log in:

WordPress.com 徽标

您正在使用您的 WordPress.com 账号评论。 登出 /  更改 )

Google photo

您正在使用您的 Google 账号评论。 登出 /  更改 )

Twitter picture

您正在使用您的 Twitter 账号评论。 登出 /  更改 )

Facebook photo

您正在使用您的 Facebook 账号评论。 登出 /  更改 )

Connecting to %s