[Shopify] Unauthorized access vulnerability https://hackerone.com/reports/1394982
[Shopify] Adding an address via authorization bypass https://hackerone.com/reports/1279322
[TikTok] IDOR vulnerability leading to information disclosure https://hackerone.com/reports/1392630
[TikTok] Reflected XSS https://hackerone.com/reports/1394440
[Symfony] Web cache poisoning vulnerability discovered in the Symfony PHP framework https://portswigger.net/daily-swig/web-cache-poisoning-bug-discovered-in-symfony-php-framework
[VMware] VMware vCenter 7.0.2.00100 unauth arbitrary file read + SSRF + reflected XSS https://github.com/l0ggg/VMware_vCenter
[Kubernetes] Authenticated kubernetes principal with restricted permissions can retrieve ingress-nginx serviceaccount token and secrets across all namespaces https://hackerone.com/reports/1249583
Finding CSRF vulnerabilities with BurpSuite https://medium.com/@kaorrosi/finding-csrf-vulnerabilities-with-burpsuite-a0a37b87eb85
The process of discovering an IDOR vulnerability leading to information disclosure https://amit-lt.medium.com/a-story-of-idor-which-leads-to-privacy-violation-78c1b4c710fb