漏洞报告
【Gitlab 16000刀】Stored XSS in markdown via the DesignReferenceFilter
https://hackerone.com/reports/1212067
【Gitlab 3000刀】Stored XSS in Mermaid when viewing Markdown files
https://hackerone.com/reports/1212822
【Gitlab 600刀】Reporters can upload design to issues using the "Move to" feature
https://hackerone.com/reports/1112297
挖洞技巧
CORS测试小技巧
https://jakearchibald.com/2021/cors/
Apache mod_proxy SSRF(CVE-2021-40438)的一点分析和延伸
https://mp.weixin.qq.com/s/sbFs7kZ8tExwZPeUvq1hJw
HTML to PDF converters, can I hack them?
https://tempest-sec.medium.com/html-to-pdf-converters-can-i-hack-them-a681cfee0903
