[QIWI] Password reset leads to account takeover https://hackerone.com/reports/1379842
[Glassdoor] CSS injection via link tag whitelist bypass https://hackerone.com/reports/1250730
Azure privilege escalation via Azure API permissions abuse https://posts.specterops.io/azure-privilege-escalation-via-azure-api-permissions-abuse-74aee1006f48
Easy SQLi in Amazon subsidiary using Sqlmap | by Mostafa Mamdoh | Dec, 2021 | Medium https://hector0x.medium.com/easy-sqli-in-amazon-subsidiary-using-sqlmap-ff469013671b
How to Exploit Public Firebase Realtime Database using REST API | by Mastur | Dec, 2021 | Medium https://masturf.medium.com/how-to-exploit-firebase-realtime-database-using-rest-api-34885160fa55
GitHub - FDlucifer/Proxy-Attackchain: proxylogon, proxyshell, proxyoracle and proxytoken full chain exploit tool https://github.com/FDlucifer/Proxy-Attackchain
pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. https://github.com/trailofbits/pip-audit