Vulnerability Reports
[Google $5,000] A $5,000 authorization bypass in Google Cloud's Dialogflow
https://asterfiester.medium.com/5000-google-idor-vulnerability-writeup-c7b45926abe9
[MTN Group] Reflected XSS vulnerability on mtn.bj
https://hackerone.com/reports/1264832
[DuckDuckGo] com.duckduckgo.mobile.android - Cache corruption
https://hackerone.com/reports/1074613
Bug Hunting Tips
A boring, mundane little authorization-bypass trick
/api/v4/users/<userid> =>> 403
/api/v4/internal/users/<userid> =>> 200
Bug Hunting Tools
TruffleHog – a browser extension for finding secret keys in JavaScript code
https://portswigger.net/daily-swig/meet-trufflehog-a-browser-extension-for-finding-secret-keys-in-javascript-code