Day127: Daily Vulnerability Hunting - 5.7

1.Bypass Rate Limit — A blank space leads to this random encounter!

https://infosecwriteups.com/bypass-rate-limit-a-blank-space-leads-to-this-random-encounter-e18e72fbf228

2.Notes on My First HW | Red Team Penetration Summary from a Prefecture-Level City Attack-Defense Exercise

https://xz.aliyun.com/t/11300

3.SignUp functionality hunting mindmap


https://pbs.twimg.com/media/FR_LtLgWQAAMisI?format=jpg&name=4096x4096

4.Nuclei: Packing a Punch with Vulnerability Scanning

https://bishopfox.com/blog/nuclei-vulnerability-scan

5.Ferrari subdomain hijacked to push fake Ferrari NFT collection

https://www.bleepingcomputer.com/news/security/ferrari-subdomain-hijacked-to-push-fake-ferrari-nft-collection/

Vulnerability Analysis

  1. https://hackerone.com/reports/1181946 Analysis: https://youst.in/posts/cache-poisoning-at-scale/
  2. https://hackerone.com/reports/927338 Using image metadata to determine location
  3. https://hackerone.com/reports/1250474 Bypassing LINE's 2FA
  4. https://hackerone.com/reports/1173153 Another example of cache-poisoning-at

Hunting Progress

Recon on a private program
