HTML 注入
HTTP 参数污染
CRLF 劫持
CSRF
逻辑漏洞
- Shopify Administrator Privilege Bypass
- Starbucks Race Conditions
- Binary.com Privilege Escalation
- HackerOne Signal Manipulation
- Shopify S3 Buckets Open
- HackerOne S3 Buckets Open
- Bypassing GitLab Two Factor Authentication
- Yahoo PHP Info Disclosure
- HackerOne Hacktivity Voting
- Accessing PornHub's Memcache Installation
XSS
- Shopify Wholesale
- Shopify Giftcard Cart
- Shopify Currency Formatting
- Yahoo Mail Stored XSS
- Google Image Search
- Google Tagmanager Stored XSS
SQL 注入
开放重定向漏洞
子域控制
XXE 注入
代码执行
模板注入
SSRF
内存漏洞
工具
- Burp Suite
- Knockpy
- HostileSubBruteforcer
- sqlmap
- Nmap
- Eyewitness
- Shodan
- What CMS
- Nikto
- Recon-ng
- idb
- Wireshark
- Bucket Finder
- Google Dorks
- IPV4info.com
- JD GUI
- Mobile Security Framework
- Firefox Plugins
- FoxyProxy
- UserAgentSwitcher
- Firebug
- Hackbar
- Websecurify
- CookieManager+
- XSS Me
- Offsec Exploit-db Search
- Wappalyzer
资源
- OnlineTraining
- Bug Bounty Platforms
- Video Tutorials
- youtube.com/yaworsk1
- Seccasts.com
- Twitter#infsec
- Twitter@disclosedh1
- Web Application Hackers Handbook
- Bug Hunters Methodology
- Recommended Blogs
- philippeharewood.com
- Philippe'sFacebookPage
- fin1te.net
- NahamSec.com
- blog.it-securityguard.com
- blog.innerht.ml
- blog.orange.tw
- Portswigger Blog
- Nvisium Blog
- blog.zsec.uk
- Bug Crowd Blog
- HackerOne Blog
