H1漏洞报告 Snapchat #455645 Exposed Kubernetes API - RCE/Exposed Creds #265943 Stealing SSO Login Tokens (snappublisher.snapchat.com) #313457 Publicly accessible Continuous Integration Tool #1085336 CSRF when unlocking lenses leads to lenses being forcefully installed without user interaction Stripo Inc #1166766 Bypassing Content-Security-Policy leads to open-redirect and iframe xss U.S. Dept Of Defense #695005 Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████ 挖洞技巧 XXE in Public Transport Ticketing Mobile APP | by Nikhil (niks) | Jul, 2021 | Medium How I lost the SecurityTrails #ReconMaster contest, and how you can win: Edge-case recon ideas Facebook Vulnerability: Expose Group Member — $3000 | by Muhammad Sholikhin | Jul, 2021 | Medium Chaining Open Redirect with XSS to Account Takeover | by Radian ID | Jul, 2021 | Medium Gaining Access To GCP Of Google Stadia — 500$ Bounty | by Sebastien Kaul | Jul, 2021 | Medium Finding and Exploiting Unintended Functionality in Main Web App APIs | by Bend Theory | Medium

bugbounty技巧聚合20210730

Snapchat

Stripo Inc

U.S. Dept Of Defense