Bug bounty tips roundup 20220210
Vulnerability reports
Vertical privilege escalation 900$
https://hackerone.com/reports/1102652
Bucket information disclosure 500$
https://hackerone.com/reports/1102546
TikTok XSS 6000$
https://hackerone.com/reports/1452375
Bug hunting techniques
How to go from self-XSS to remote code execution (15k$)
https://amakki.me/how-i-made-15k-from-remote-code-execution-vulnerability-2e1b14b3902a
Remote code execution vulnerabilities in the WordPress plugin PHP Everywhere
https://www.wordfence.com/blog/2022/02/critical-vulnerabilities-in-php-everywhere-allow-remote-code-execution/
postMessage XSS tips
https://blog.intigriti.com/2022/02/09/bug-bytes-158-postmessage-xss-tips-api-testing-toolbox-finding-100-bugs-in-wordpress-plugins/
DOM-XSS
https://spaceraccoon.dev/solving-dom-xss-puzzles
Bug hunting tools
Google crawler script
https://github.com/weishen250/Google-Spider
CVE-2022-21999 exploit script
https://github.com/ly4k/SpoolFool
CVE-2022-21241 POC
https://github.com/satoki/csv-plus_vulnerability