漏洞报告【Zivver】在 AndroidManifest 中启用 ADB 备份 https://hackerone.com/reports/1225158 【LINE】不正确的授权允许在通知通道服务器中泄露用户的通知数据 https://hackerone.com/reports/1314162 【8x8】默认凭据导致 Spring Boot Admin 仪表板访问 https://hackerone.com/reports/1417635 【Khan Academy 】电子邮件欺骗 https://hackerone.com/reports/496360 【U.S. Dept Of Defense】Log4Shell：█████████ 上的 RCE 0 day漏洞利用 https://hackerone.com/reports/1429014 挖洞技巧通过 SSRF 攻击 Java RMI https://blog.tneitzel.eu/posts/01-attacking-java-rmi-via-ssrf/ 零点击帐户接管的故事 https://medium.com/pentesternepal/a-tale-of-zero-click-account-takeover-56b51fdbd7ae 密码绕过导致全账户接管 https://medium.com/@sarafsaransh321/the-password-bypass-leads-to-full-account-takeover-9aefa7e3a9dd AWS Lambda 命令注入 https://towardsaws.com/aws-lambda-command-injection-124a5cc44be7 挖洞工具 google/log4jscanner：一个 log4j 漏洞文件系统扫描器和用于分析 JAR 文件的 Go 包。 https://github.com/google/log4jscanner

bugbounty技巧聚合20220104

【Zivver】在 AndroidManifest 中启用 ADB 备份
https://hackerone.com/reports/1225158
【LINE】不正确的授权允许在通知通道服务器中泄露用户的通知数据
https://hackerone.com/reports/1314162
【8x8】默认凭据导致 Spring Boot Admin 仪表板访问
https://hackerone.com/reports/1417635
【Khan Academy 】电子邮件欺骗
https://hackerone.com/reports/496360
【U.S. Dept Of Defense】Log4Shell：█████████ 上的 RCE 0 day漏洞利用
https://hackerone.com/reports/1429014

通过 SSRF 攻击 Java RMI
https://blog.tneitzel.eu/posts/01-attacking-java-rmi-via-ssrf/
零点击帐户接管的故事
https://medium.com/pentesternepal/a-tale-of-zero-click-account-takeover-56b51fdbd7ae
密码绕过导致全账户接管
https://medium.com/@sarafsaransh321/the-password-bypass-leads-to-full-account-takeover-9aefa7e3a9dd
AWS Lambda 命令注入
https://towardsaws.com/aws-lambda-command-injection-124a5cc44be7

google/log4jscanner：一个 log4j 漏洞文件系统扫描器和用于分析 JAR 文件的 Go 包。
https://github.com/google/log4jscanner