Vulnerability Reports
[Judge.me] HTML injection
https://hackerone.com/reports/1036995
[Flickr] Flickr account takeover using the AWS Cognito API
https://hackerone.com/reports/1342088
[MTN Group] HTML injection in the email content sent at registration
https://hackerone.com/reports/1256496
[ImpressCMS] Stored XSS
https://hackerone.com/reports/1331281
[RubyGems] Dependency hijacking
https://hackerone.com/reports/1430405
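Bug Hunting Techniques
[Latest Vulnerability Alert] Open-source component vulnerability: CVE-2021-23758 AjaxPro.NET deserialization vulnerability
https://mp.weixin.qq.com/s/7y-iyMMZAoN4B2dGvCFvXg
CVE-2021-25467 vulnerability explained in detail
https://labs.taszk.io/blog/post/62_ss_dsp_oob_write/
CVE-2021-30990 - Bypassing macOS Gatekeeper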
CVE-2021-30990, Bypassing The macOS Gatekeeper
Bug Hunting Tools
- Python implementation of CVE-2021-42278 (Active Directory privilege escalation)
https://github.com/ly4k/Pachine