bugbounty技巧聚合20220208 - 火线 Zone-安全攻防社区

bugbounty技巧聚合20220208

43999

漏洞报告

3500$的XSS
https://hackerone.com/reports/1410459

导入文档处SSRF5000$
https://hackerone.com/reports/1409727

自动化挖洞捡到1500$
https://hackerone.com/reports/1380121

挖洞技巧

Hack区块链
https://medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b

RTF 模板注入
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/

CVE-2022-24348
https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments

挖洞工具

burpsuite插件，注入、fastjson、shiro
https://github.com/SkewwG/BurpExtender

基于ZoomEye的图形化搜索器
https://github.com/xzajyjs/ThunderSearch

GitHub代码泄漏监控系统
https://github.com/4x99/code6