Vulnerability Reports
[Shopify] Open Redirect in www.shopify.dev Environment
https://hackerone.com/reports/842035
[Shopify, $500] Apache Flink Dashboard exposure at https://streaming-sales-model-production.flink.shopifykloud.com
https://hackerone.com/reports/1262907
[Internet Bug Bounty, $1000] Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)
https://hackerone.com/reports/1400238
[Internet Bug Bounty, $1,200] The Host Authorization middleware in Action Pack is vulnerable to crafted X-Forwarded-Host values
https://hackerone.com/reports/1374512
Bug Hunting Techniques
Hunting for Vulnerabilities Related to Security Authentication
http://noahblog.360.cn/an-quan-ren-zheng-xiang-guan-lou-dong-wa-jue/
The tale of CVE-2021-34479 (VSCode XSS)
https://medium.com/techiepedia/the-tale-of-cve-2021-34479-vscode-xss-b336ba6cf3d6
Checklist of the most important security countermeasures when designing, testing, and releasing your API
https://github.com/shieldfy/API-Security-Checklist
URL whitelist bypass in https://cxl-services.appspot.com
https://feed.bugs.xdavidhu.me/bugs/0008