漏洞报告【Kubernetes】#1398617 Broken Github Link Used in deployment docs of "github.com/kubernetes/kompose" https://hackerone.com/reports/1398617 【Kubernetes】谷歌存储桶接管，加载JS文件，可能导致XSS https://hackerone.com/reports/1398706 【Kubernetes】文档的断链接管 https://hackerone.com/reports/1398572 【FetLife】在请求他们的 JSON 响应时能够访问私人图片/视频/文字 https://hackerone.com/reports/1424291 【Showmax】创建配置文件时的竞争条件漏洞 https://hackerone.com/reports/1428690 挖洞技巧深入研究 NSO 零点击 iMessage 漏洞：远程代码执行 https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html 基于驱动程序的攻击 https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/ 挖洞工具 SRC密码生成工具 https://github.com/fcre1938/PwdBUD 权限提升CVE-2021-42278 漏洞利用工具 https://github.com/ly4k/Pachine

bugbounty技巧聚合20211217

【Kubernetes】#1398617 Broken Github Link Used in deployment docs of "github.com/kubernetes/kompose"
https://hackerone.com/reports/1398617
【Kubernetes】谷歌存储桶接管，加载JS文件，可能导致XSS
https://hackerone.com/reports/1398706
【Kubernetes】文档的断链接管
https://hackerone.com/reports/1398572
【FetLife】在请求他们的 JSON 响应时能够访问私人图片/视频/文字
https://hackerone.com/reports/1424291
【Showmax】创建配置文件时的竞争条件漏洞
https://hackerone.com/reports/1428690