Day042

Today's highlights:

1.Bheem, a reconnaissance platform that aggregates many tools

https://github.com/harsh-bothra/Bheem

Bug hunting resources

1.bug-bounty-dorks

https://github.com/sushiwushi/bug-bounty-dorks

2.dirsearch

https://github.com/maurosoria/dirsearch

3.gin – a Git index file parser

https://github.com/sbp/gin

4.KingOfBugBountyTips

https://github.com/KingOfBugbounty/KingOfBugBountyTips

Vulnerability reports to learn from

1.The YouTube bug that allowed unlisted uploads to any channel

https://medium.com/bugbountywriteup/the-youtube-bug-that-allowed-uploads-to-any-channel-3b41c7b7902a

2.Subdomain Takeovers, beyond the basics for Pentesters and Bug Bounty Hunters

3.Account Takeover(ATO) and Email verification bypass in 2mins

https://medium.com/@karthiksoft007/account-takeover-ato-and-email-verification-bypass-in-2mins-5a6c8cb692a7

4.Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata

https://hackerone.com/reports/530974

5.Bcrypt — Account TakeOver Due To Weak Encryption — #HR51KDB

https://medium.com/bugbountywriteup/bcrypt-account-takeover-due-to-weak-encryption-hr51kdb-4418f6e65907
