Day125: 每日漏洞挖掘——5.5

单独文章:

1.GraphQL的漏洞的挖掘

https://blog.yeswehack.com/yeswerhackers/how-exploit-graphql-endpoint-bug-bounty/

2.Cli: gh run download implementation allows overwriting git repository configuration upon artifacts downloading

https://github.com/Metnew/write-ups/tree/main/rce-gh-cli-run-download

这篇文章比较有意思。

3.How to Analyze Malicious PDF Files

https://www.intezer.com/blog/incident-response/analyze-malicious-pdf-files/

4.You need to hear this if you are new/want to start bug hunting

https://mokhansec.medium.com/you-need-to-hear-this-if-you-are-new-want-to-start-bug-hunting-6b5b5c8ba8d0

gitlab的三个漏洞:

  1. https://systemweakness.com/1-3-brute-force-protection-bypass-gitlab-15a17909bb
  2. https://medium.com/@_ip_/2-3-xss-through-the-front-door-gitlab-fc4b6799e743
  3. https://medium.com/@_ip_/3-3-cache-poisoning-lateral-movement-gitlab-9c6288708576

挖掘进度:

继续databricks。然后把hackerone的私人邀请全部退了,等待新的邀请。

Day125: 每日漏洞挖掘——5.5”的一个响应

发表评论

Fill in your details below or click an icon to log in:

WordPress.com 徽标

您正在使用您的 WordPress.com 账号评论。 注销 /  更改 )

Twitter picture

您正在使用您的 Twitter 账号评论。 注销 /  更改 )

Facebook photo

您正在使用您的 Facebook 账号评论。 注销 /  更改 )

Connecting to %s