[QIWI, $500] Unauthenticated arbitrary file deletion vulnerability in Cisco
https://hackerone.com/reports/944665
PS: one of the "blink and it's gone" series
[Opera, $8,000] XSS to RCE in the Opera browser
https://blogs.opera.com/security/2021/09/8000-bug-bounty-highlight-xss-to-rce-in-the-opera-browser/
[Redtube, $10,000] PHP object injection in https://www.redtube.com/media/hls?s=data leading to RCE
https://hackerone.com/reports/1312641
PS: a generous vendor; there are quite a few vendors of this kind on H1~ *doge face*
[GitLab, $610] Guest users can create issues for Sentry errors and track their status
GitLab disclosed on HackerOne: Guest Users can create issues for...
[curl, $1,000] CVE-2021-22946: Protocol downgrade required TLS bypassed
https://hackerone.com/reports/1334111
[curl, $1,500] CVE-2021-22947: STARTTLS protocol injection via MITM
https://hackerone.com/reports/1334763
1. JSON CSRF: the CSRF nobody talks about
https://anonymousyogi.medium.com/json-csrf-csrf-that-none-talks-about-c2bf9a480937
2. Assorted CSRF bypass tricks
Chinese: https://zhuanlan.zhihu.com/p/32716181
English: https://2017.zeronights.org/wp-content/uploads/materials/ZN17_MikhailEgorov%20_Neat_tricks_to_bypass_CSRF_protection.pdf
PS: ZeroNights is the Russians' security conference; the quality of its talks is generally pretty high~