HTTP/2-related attack surface
http://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Kettle-HTTP-The-Sequel-Is-Always-Worse.pdf
http://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Kettle-HTTP2-The-Sequel-Is-Always-Worse-wp.pdf
https://github.com/PortSwigger/http-request-smuggler
https://portswigger.net/research/http2
Big Beard is the GOAT~
Exchange pwned through and through, by Orange
http://i.blackhat.com/USA21/Wednesday-Handouts/us-21-ProxyLogon-Is-Just-The-Tip-Of-The-Iceberg-A-New-Attack-Surface-On-Microsoft-Exchange-Server.pdf
Orange is the GOAT~
Facebook
Facebook Messenger for android indirect thread deletion vulnerability.
Facebook iOS address bar spoofing
HackerOne
#1273292 Internal Gitlab Ticket Disclosure via External Slack Channels
Snapchat
#727487 Bypass Rate Limits on app.snapchat.com API Endpoint via X-Forwarded-For Header
MTN Group
#853284 Disclosure of internal information using hidden NTLM authentication leading to an exploit server
Slack
#375083 Private application files can be uploaded to Slack via malicious uploader
Don't even think about stealing my source code: a generic countermeasure against source-leak exploitation tools (common tools fall en masse)
Mistuned Part 1: Client-side XSS to Calculator and More · CodeColorist
https://github.com/PortSwigger/taborator
https://github.com/0xC01DF00D/Collabfiltrator