[Shopify] Bypassing the HTML filter leads to SSRF to internal Kubernetes endpoints https://hackerone.com/reports/1115139
[Slack] Stored XSS https://hackerone.com/reports/827606
[Froxlor] SQL injection vulnerability (CVE-2021-42325) https://www.exploit-db.com/exploits/50502
Account takeover via OAuth https://blog.dixitaditya.com/2021/11/19/account-takeover-chain.html
Extracting D-Link's decryption keys - IoT Inspector https://www.iot-inspector.com/blog/extracting-decryption-keys-dlink/
NginRAT parasite targets Nginx – Sansec https://sansec.io/research/nginrat
Red team mind map https://pic.imgdb.cn/item/61a9cfd02ab3f51d9168e5a7.png