漏洞报告【Judge.me】 html 注入 https://hackerone.com/reports/1036995 【Flickr 】使用 AWS Cognito API 接管 Flickr 账户 https://hackerone.com/reports/1342088 【MTN Group】注册时邮件内容中html注入 https://hackerone.com/reports/1256496 【ImpressCMS】存储型XSS https://hackerone.com/reports/1331281 【RubyGems】依赖库劫持 https://hackerone.com/reports/1430405 挖洞技巧【最新漏洞预警】开源组件漏洞之CVE-2021-23758 AjaxPro.NET反序列化漏洞 https://mp.weixin.qq.com/s/7y-iyMMZAoN4B2dGvCFvXg CVE-2021-25467漏洞详解 https://labs.taszk.io/blog/post/62_ss_dsp_oob_write/ CVE-2021-30990 - 绕过 macOS Gatekeeper CVE-2021-30990, Bypassing The macOS Gatekeeper 挖洞工具 CVE-2021-42278（Active Directory 权限提升）的 Python 实现 https://github.com/ly4k/Pachine

bugbounty技巧聚合20211220

【最新漏洞预警】开源组件漏洞之CVE-2021-23758 AjaxPro.NET反序列化漏洞
https://mp.weixin.qq.com/s/7y-iyMMZAoN4B2dGvCFvXg
CVE-2021-25467漏洞详解
https://labs.taszk.io/blog/post/62_ss_dsp_oob_write/
CVE-2021-30990 - 绕过 macOS Gatekeeper
CVE-2021-30990, Bypassing The macOS Gatekeeper

CVE-2021-42278（Active Directory 权限提升）的 Python 实现
https://github.com/ly4k/Pachine