H1漏洞报告

Snapchat

• #455645 Exposed Kubernetes API - RCE/Exposed Creds

• #265943 Stealing SSO Login Tokens (snappublisher.snapchat.com)

• #313457 Publicly accessible Continuous Integration Tool

• #1085336 CSRF when unlocking lenses leads to lenses being forcefully installed without user interaction

Stripo Inc

• #1166766 Bypassing Content-Security-Policy leads to open-redirect and iframe xss

U.S. Dept Of Defense

• #695005 Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████

挖洞技巧

• XXE in Public Transport Ticketing Mobile APP | by Nikhil (niks) | Jul, 2021 | Medium
• How I lost the SecurityTrails #ReconMaster contest, and how you can win: Edge-case recon ideas
• Facebook Vulnerability: Expose Group Member — $3000 | by Muhammad Sholikhin | Jul, 2021 | Medium
• Chaining Open Redirect with XSS to Account Takeover | by Radian ID | Jul, 2021 | Medium
• Gaining Access To GCP Of Google Stadia — 500$ Bounty | by Sebastien Kaul | Jul, 2021 | Medium
• Finding and Exploiting Unintended Functionality in Main Web App APIs | by Bend Theory | Medium