【QIWI $300】HTTP request smuggling on api.flocktory.com, leading to XSS
https://hackerone.com/reports/955170
【U.S. Dept Of Defense】Information disclosure vulnerability on a U.S. Department of Defense site (CVE-2020-14179)
https://hackerone.com/reports/1336397
【U.S. Dept Of Defense】XSS vulnerability on a U.S. Department of Defense site (CVE-2020-3580)
https://hackerone.com/reports/1243650
Using fuzzing to bypass hostname restrictions and successfully exploit SSRF
https://blog.deesee.xyz/fuzzing/security/2021/02/26/ssrf-bypassing-hostname-restrictions-fuzzing.html
A GraphQL fingerprinting template built on nuclei
https://github.com/KingOfBugbounty/KingOfBugBountyTips/blob/master/graphql-OFJAAAH.yaml