Vulnerability Reports
【Flickr $500】critical server misconfiguration lead to access to any user sensitive data which include user email and password
https://hackerone.com/reports/1365738
【GitHub Security Lab】C# : Add query to detect Server Side Request Forgery
https://hackerone.com/reports/1389905
【Node.js $250】HTTP Request Smuggling due to ignoring chunk extensions
https://hackerone.com/reports/1238099
【Mail.ru】[samokat.ru] PHP modules path disclosure due to lack of error handling
https://hackerone.com/reports/1353244
【Lark Technologies $7,500】Attacker is able to join any tenant on larksuite and view personal files/chats.
https://hackerone.com/reports/1363185
Bug Hunting Techniques
Sitecore Experience Platform Pre-Auth RCE
https://blog.assetnote.io/2021/11/02/sitecore-rce/
A Technical Analysis of CVE-2021-30864: Bypassing App Sandbox Restrictions
https://perception-point.io/a-technical-analysis-of-cve-2021-30864-bypassing-app-sandbox-restrictions/