新的 PHP LFI 技术、大规模缓存中毒和空字节攻击仍然存在! https://blog.intigriti.com/2022/01/05/bug-bytes-153-new-php-lfi-technique-cache-poisoning-at-scale-null-byte-attacks-are-still-alive/
XXE https://mukibas37.medium.com/xxe-tryhackme-writeup-29fb1e0e2666
主机头注入导致帐户接管 https://m7-arman.medium.com/host-header-injection-lead-to-account-takeover-2f025a645d13
Java RMI 服务通常容易受到 SSRF 攻击的研究 https://portswigger.net/daily-swig/java-rmi-services-often-vulnerable-to-ssrf-attacks-research
Apache HTTP Server 中的高严重性漏洞可能导致 RCE https://portswigger.net/daily-swig/internet-bug-bounty-high-severity-vulnerability-in-apache-http-server-could-lead-to-rce
