【Slack】Lack of URL normalization makes the Blocked-Previews feature ineffective https://hackerone.com/reports/1102764
【Palo Alto Software】Clickjacking https://hackerone.com/reports/688546
【Automattic】SSRF and blind XSS in emails https://hackerone.com/reports/1100096
【Urban Dictionary】DOM XSS https://hackerone.com/reports/889041
CVE-2021-41577: MITM to RCE in EVGA Precision X1 - Rhino Security Labs https://rhinosecuritylabs.com/research/cve-2021-41577-evga-precision-x1/
I found an information disclosure vulnerability on a Microsoft subdomain | by Bot Ami | January 2022 https://medium.com/@botami143/i-found-idor-vulnerability-at-microsoft-subdomain-b89b8777bf8d
Cache poisoning summary https://youst.in/posts/cache-poisoning-at-scale/