HackerOne
#1256371 PII data Leakage through hackerone reports
#1145563 Tab nabbing in Hackerone inbox.
Basecamp
#1288898 Password reset link not expiring after changing password in settings
#1104874 Insecure Bundler configuration fetching internal Gems (okra) from Rubygems.org
#1294231 Login session not expire
UPchieve
#1177287 Password reset token leak on third party website via Referer header
https://docs.google.com/presentation/d/1E5zjGcnqSe7asDreGPgBS2T-bAJ5siuE0QKvJnX91Cw/edit#slide=id.ge2f51227b3_0_158
https://labs.detectify.com/2021/08/10/how-to-hack-apis-in-2021/
An enterprise information lookup tool based on Aiqicha (爱企查) https://github.com/wgpsec/ENScan