Vulnerability Reports
【GitLab 1,800 USD】[Java] CWE-502: Unsafe deserialization with three JSON frameworks
https://hackerone.com/reports/1368720
【GitLab 1,800 USD】[Python]: CWE-117 Log Injection
https://hackerone.com/reports/1368721
【TikTok 2,000 USD】XSS on tiktok.com
https://hackerone.com/reports/1322104
【XVIDEOS 150 USD】Script breaking tag (Forces website to render blank) (Informative)
https://hackerone.com/reports/1355537
Bug Hunting Techniques
Discourse SNS webhook RCE
https://0day.click/recipe/discourse-sns-rce/