Doonsec's feed

Doonsec's feedhttp://wechat.doonsec.com/MzkxNjc0ODA3NQ.xmlThe latest security articles about WeChat official accountzh-CNMon, 23 Mar 2026 23:29:50 GMTPyRSS2Gen-1.1.0http://blogs.law.harvard.edu/tech/rsshttp://wechat.doonsec.com/Doonsechttp://wechat.doonsec.com/static/front/img/doonsec_bak3.pngCSP绕过工具：cspbypasshttps://mp.weixin.qq.com/s/YcVpH_5U_1uVNPA9PZvRRg漏洞集萃漏洞集萃2026-03-23T22:25:40预接管账号：结合 OTP 校验分离与空格绕过注册内部管理员邮箱https://mp.weixin.qq.com/s/KT_PYLtH5v2QYgwEQ1ooyA漏洞集萃漏洞集萃2026-03-22T00:16:14逻辑漏洞：邮箱注册 tips #11https://mp.weixin.qq.com/s/N5q10Kxa6L-pdaXoXtHfQA漏洞集萃漏洞集萃2026-03-01T15:46:49个人资料/配置页检查清单https://mp.weixin.qq.com/s/QzyFqnsEEIATyYJHWkI3dg漏洞集萃漏洞集萃2026-02-26T08:03:46缓存投毒玩坏头像：Unix 时间戳预测 + 4小时 404 DoS 实战https://mp.weixin.qq.com/s/7WOJRipH17N5uv_4obMySg漏洞集萃漏洞集萃2026-02-25T17:52:05深度解析：在 Rails 中通过结构化代码消灭 IDOR 漏洞https://mp.weixin.qq.com/s/oMqK4nCnXVBH8IguGzfq3Q漏洞集萃漏洞集萃2026-02-24T09:19:58Bug Bounty 实战：CSRF 如何升级成针对用户的 DoShttps://mp.weixin.qq.com/s/gxqPZ54SnjjZeWnToVLgIg漏洞集萃漏洞集萃2026-02-20T08:33:13第三方集成崩盘：Salesforce 可预测 ID 枚举 + Zendesk 前端 admin token 泄露 265 万记录https://mp.weixin.qq.com/s/V8vJ_7IwPqJasFk3DdSDFg漏洞集萃漏洞集萃2026-02-18T10:26:12业务逻辑缺陷：同时 Archive & Trash，消息瞬间隐身 + 委托滥用https://mp.weixin.qq.com/s/u2thIjVFZisr7ulNiCxqtQ漏洞集萃漏洞集萃2026-02-16T07:36:28GatewayToHeaven：在 GCP Apigee 中发现跨租户漏洞https://mp.weixin.qq.com/s/WO82jQmN8mzZLdINYs6vCQ漏洞集萃漏洞集萃2026-02-15T11:52:50单请求经典 DoS：一个请求干掉目标的艺术https://mp.weixin.qq.com/s/XQ5VUa99w_2j-wjd_yHDag漏洞集萃漏洞集萃2026-02-14T08:17:44技术干货：详解 Host Header 导致的逻辑越权与防护方案https://mp.weixin.qq.com/s/xALL2HuwgqXTSA2YHOfziw漏洞集萃漏洞集萃2026-02-10T09:24:19【实战复盘】通过监控调试模式获取 15,000 美元的远程代码执行收益https://mp.weixin.qq.com/s/gb2Qc7AVTC8W11VOknMkvw漏洞集萃漏洞集萃2026-02-07T10:05:34漏洞实战：怎么利用 XSS、BAC 和 CSRF 实现平台级接管的https://mp.weixin.qq.com/s/IlyyCCU-SeusEZBxdPImQg漏洞集萃漏洞集萃2026-02-06T10:16:05【实战分享】抽丝剥茧：记一次导致全站用户信息泄露的严重 IDOR 漏洞挖掘https://mp.weixin.qq.com/s/aaxbzbgTukRYI_sZfTTozw漏洞集萃漏洞集萃2026-02-05T08:47:22【实战复盘】利用 URL 路径混淆绕过认证：记一次价值 $4500 的企业后台接管https://mp.weixin.qq.com/s/1DGqQdGiA7wf93qiV3ciWQ漏洞集萃漏洞集萃2026-02-04T09:25:36使用 Frida 在运行时拦截 OkHttp - 实用指南https://mp.weixin.qq.com/s/KMqS2kM6vF5ar2RimJi8ng漏洞集萃漏洞集萃2026-02-02T20:20:14密码重置漏洞检查清单https://mp.weixin.qq.com/s/3dBX4ZdJIdvbSJU6Ld_M3Q漏洞集萃漏洞集萃2026-01-31T10:44:12一种PHP PDO 预处理语句中的新型 SQL 注入技术https://mp.weixin.qq.com/s/fRvF0SH6BtJVj5YnTIlqrg漏洞集萃漏洞集萃2026-01-30T00:04:22注册功能漏洞检查清单https://mp.weixin.qq.com/s/23f7itDcmeDixxIF9ZTtsQ漏洞集萃漏洞集萃2026-01-28T22:18:11一种利用 HTTP 重定向循环的新型 SSRF 技术https://mp.weixin.qq.com/s/GwlZy-KB9epxVtt_-S8fmw漏洞集萃漏洞集萃2026-01-27T20:28:11干货：如何利用自动化工具绕过谷歌验证码实现XSS攻击链https://mp.weixin.qq.com/s/j7ynlnjH31IkKV8giCuhhA漏洞集萃漏洞集萃2026-01-24T19:29:35利用 WAF 窃取 Salesforce OAuth 令牌https://mp.weixin.qq.com/s/eKC2GH7qNRWHD9z_xEkqCw漏洞集萃漏洞集萃2026-01-23T19:36:45【实战】利用 Salesforce ID 格式特性实现用户遍历https://mp.weixin.qq.com/s/piPYyb2z20u4jfiy5iyP2w漏洞集萃漏洞集萃2026-01-22T09:04:04常见OAuth 漏洞：未验证tokenhttps://mp.weixin.qq.com/s/BMcWmEx-eOHcnxLR7adA9g漏洞集萃漏洞集萃2026-01-21T22:38:35TOCTOU 与信任链断裂:DNS Rebindinghttps://mp.weixin.qq.com/s/hWV18NkjGn4-hgXI2rXazw漏洞集萃漏洞集萃2026-01-20T21:49:02API 渗透实战：从 JSON 响应倒推隐藏的高危路由https://mp.weixin.qq.com/s/jczC5QHZqOZMkclH0qHVaw漏洞集萃漏洞集萃2026-01-19T18:07:28【深度复盘】Trust Wallet 惊魂24小时：当官方插件变成“内鬼”，一行代码如何盗走600万美元？https://mp.weixin.qq.com/s/-puuLDHaEl7d1N4S4yFxKg漏洞集萃漏洞集萃2025-12-26T14:11:05从源码泄露到 RCE：某 AI 平台沙箱逃逸实战复盘https://mp.weixin.qq.com/s/McKkLJ4NkOs4ixbcFf-33Q漏洞集萃漏洞集萃2025-12-23T17:12:14不触发预检的 CSRF 攻击：Content-Type:text/plain 的魔法https://mp.weixin.qq.com/s/ZZfvYGhvAdhVTQJVbbNMJQ漏洞集萃漏洞集萃2025-12-21T13:40:55谷歌登录也防不住？实战劫持 GIS SDK 实现无感账号接管https://mp.weixin.qq.com/s/Mnyt3Yuwdvg6mkHqK5waVg漏洞集萃漏洞集萃2025-12-19T11:17:58【漏洞挖掘Tips】一种新的 GraphQL 绕过角度https://mp.weixin.qq.com/s/Cz_SWDIMD8iQyx_1xyrzqg漏洞集萃漏洞集萃2025-12-17T14:53:37【从公开报告到私有神器】：如何通过漏洞报告制作字典https://mp.weixin.qq.com/s/DO22QC7SBHKFk-87W9vUcA漏洞集萃漏洞集萃2025-12-11T22:57:05如何发现 OpenAI Atlas的 OAuth泄漏漏洞https://mp.weixin.qq.com/s/jtDPaa1hCXZl94fNqndavg漏洞集萃漏洞集萃2025-12-09T22:22:06嵌套解析器情况下的XSShttps://mp.weixin.qq.com/s/2ofBOAfGNWpRpSLyu1aSZQ漏洞集萃漏洞集萃2025-12-08T14:55:25伪造注释状态下的XSShttps://mp.weixin.qq.com/s/iIQ2HmVB02Z5iIoXH3oNew漏洞集萃漏洞集萃2025-12-07T18:14:24用 JADX 静态分析，反手挖出两个高危 ATOhttps://mp.weixin.qq.com/s/x0nmGjdAVz_0Sqd4tnnEAQ漏洞集萃漏洞集萃2025-12-05T09:41:10工具流教学：Gau + Uro + Dorking，一套组合拳挖到星巴克的XSS漏洞https://mp.weixin.qq.com/s/JOgOXWqYYVJxz5yvsOmHRw漏洞集萃漏洞集萃2025-12-04T17:15:47攻防演练中的“降维打击”：逃逸出内网边界的影子资产与SaaS供应链挖掘https://mp.weixin.qq.com/s/ZzeCujgzqbXdeAgoLcretg漏洞集萃漏洞集萃2025-12-03T15:39:03信息收集最强OSINT姿势：Google一搜，全球程序员的密码、API Key、邮箱全裸奔https://mp.weixin.qq.com/s/bSNgMNdAmLGdeXT1WBUqgA漏洞集萃漏洞集萃2025-12-01T14:49:53【漏洞挖掘Tips】将JS伪造为 PDF 的一些方法https://mp.weixin.qq.com/s/segiaTbEeRRpm6iEaEvRWg漏洞集萃漏洞集萃2025-11-29T17:54:22【漏洞挖掘Tips】将 JSON payload 伪装为 PDF 或图像文件https://mp.weixin.qq.com/s/Gvv-uaA64OrtaV-Y5bud4w漏洞集萃漏洞集萃2025-11-28T10:13:10【漏洞挖掘Tips】Web应用常见鉴权机制及其漏洞https://mp.weixin.qq.com/s/IRXQ6ISaORerh7IyVDFRiQ漏洞集萃漏洞集萃2025-11-25T09:41:21【快讯】Cloudflare 突发全球大范围宕机！https://mp.weixin.qq.com/s/2xuGHo1rNPMDIBprT-4kFA漏洞集萃漏洞集萃2025-11-18T22:30:26【漏洞挖掘Tips】模糊测试和绕过AWS WAFhttps://mp.weixin.qq.com/s/Ej1Oz52gyzpBwP-eRiBTUA漏洞集萃漏洞集萃2025-11-14T17:56:28【工具推荐】绕过 Cloudflare 针对的burpsuite代理的识别https://mp.weixin.qq.com/s/444-TPlLZYc5Iwh8hxKFPQ漏洞集萃漏洞集萃2025-11-13T15:14:10【移动安全】现代 iOS 渗透测试：无需越狱https://mp.weixin.qq.com/s/wz5O4h6amgRuFxGsEUhHyg漏洞集萃漏洞集萃2025-11-10T11:31:58【工具推荐】AI+Fuzz，一键挖掘隐藏目录！https://mp.weixin.qq.com/s/bKN5EtTlFV9qxwj4YwsGog漏洞集萃漏洞集萃2025-11-04T17:48:16【漏洞挖掘Tips】IDOR 终极技巧清单https://mp.weixin.qq.com/s/-mIIqw-y6kNcQP0uz4x2bg漏洞集萃漏洞集萃2025-10-31T15:41:21【后渗透Tips】一种常见但是不容易想到的伪提权方式https://mp.weixin.qq.com/s/qxcqLAXomuVUxWBoIeHGdw漏洞集萃漏洞集萃2025-10-29T18:07:41【漏洞挖掘Tips】关于OTP的常见漏洞和处理方式https://mp.weixin.qq.com/s/Q5Dopm1Qb4Jr1MEwTegFyQ漏洞集萃漏洞集萃2025-10-27T16:28:43【漏洞挖掘Tips】一种小众的边缘资产收集方式https://mp.weixin.qq.com/s/hP0frs64QNAJGO8yMPji9w漏洞集萃漏洞集萃2025-10-22T11:38:31Lubian矿池被盗？美执法没收12WBTC！带你理清最近的127,271 BTC事件；https://mp.weixin.qq.com/s/iJz7kq1KWLAcSpnOz74Wyg漏洞集萃漏洞集萃2025-10-17T15:25:48【漏洞挖掘Tips】二次上下文路径遍历攻击https://mp.weixin.qq.com/s/0qrhzJkf6QBcj3mhTKHO1g漏洞集萃漏洞集萃2025-10-13T15:25:03【漏洞挖掘Tips】postMessage注入实现RCExa0获取xa0Google $22,500https://mp.weixin.qq.com/s/fJtZekvaBqjtRXwSCsBwMA漏洞集萃漏洞集萃2025-09-29T11:06:43【漏洞挖掘Tips】关于头像上传存储在s3的漏洞挖掘方法https://mp.weixin.qq.com/s/PkML8SfN_nl7Uv2VoDKeFA漏洞集萃漏洞集萃2025-09-25T11:13:31【漏洞挖掘Tips】一种新的2FA 绕过方式https://mp.weixin.qq.com/s/gG_yER9pHVA5Yq2webcKYw漏洞集萃漏洞集萃2025-09-24T16:52:25从“发送失败”到任意账号接管https://mp.weixin.qq.com/s/y7CnGoPT8uL23-bSi2QndQ漏洞集萃漏洞集萃2025-09-22T17:06:58【漏洞挖掘tips】通过批量分配实现权限提升https://mp.weixin.qq.com/s/sP432lqjcQgcKBDDvtCxIw漏洞集萃漏洞集萃2025-09-17T11:33:12狂挖5000$赏金并且登入apple 的名人堂https://mp.weixin.qq.com/s/45PbCTrZg1sL-wCiEavLzg漏洞集萃漏洞集萃2025-09-08T15:50:44微软含泪打钱6000$！一条\"中文\"CRLF冲进 Hall of Famehttps://mp.weixin.qq.com/s/xjiCFzJ8ce3UpATxKlskHw漏洞集萃漏洞集萃2025-09-05T11:47:48【0day 预警】Atlassian Jira Service Management Cloud 曝出 “一接管任意账户”https://mp.weixin.qq.com/s/Q9e6zdxCR6eeIbKLBcULKQ漏洞集萃漏洞集萃2025-09-02T11:51:31腾讯云曝出严重安全漏洞，内部敏感信息等持续数月暴露于公网https://mp.weixin.qq.com/s/dnbUfvMEgpzNyoOvMQOXUw漏洞集萃漏洞集萃2025-08-28T11:49:57【技术干货】三连杀！用“并发”连续薅出3个高危漏洞https://mp.weixin.qq.com/s/i07kfc8XBzhJ21DhLfPM5A漏洞集萃漏洞集萃2025-08-19T09:23:42【逻辑漏洞】一次价格篡改实战复盘https://mp.weixin.qq.com/s/Q317LBsoZDLIoC-YjaB9Lg漏洞集萃漏洞集萃2025-08-18T14:23:58【0-Click！一键接管任意 Facebook 账户】https://mp.weixin.qq.com/s/E7k9MZhaka_ndJXfikoWzw漏洞集萃漏洞集萃2025-08-17T15:31:01【扩大影响】把用户枚举玩出花：一个参数引发的 0-Click 账户接管https://mp.weixin.qq.com/s/QMH967bwUvGvYqVboDe4xg漏洞集萃漏洞集萃2025-08-16T10:06:16【新思路】把注册接口换成 WebSocket，UUID 一改直接接管全场账号https://mp.weixin.qq.com/s/uS3OZUx_CnAuIvtaBBAwcA漏洞集萃漏洞集萃2025-08-15T10:29:51【技术干货】一条 Google Dork 捡到的高危存储型 XSS → 完整钓鱼链拿下管理员账号https://mp.weixin.qq.com/s/a3YSFUmBTFXNe87zaC3igg漏洞集萃漏洞集萃2025-08-14T16:41:14一条斜杠 “%2f” 狂赚 500€https://mp.weixin.qq.com/s/jtXXQGUufGEJ4fgoTvkrIA漏洞集萃漏洞集萃2025-08-13T11:09:42突发：字节 CDN 正式挂出“讣告”https://mp.weixin.qq.com/s/utG-KktYeLnm18kDmx-jkw漏洞集萃漏洞集萃2025-08-12T14:56:20喜提€1500赏金！仅凭一个Cookie绕过403，拿下整个内网CRM管理权！https://mp.weixin.qq.com/s/v0nodIvTUp5JHXOTHhgT2A漏洞集萃漏洞集萃2025-08-12T12:00:08Frida Hook 实战：一次 WhatsApp 从安卓到 Windows 的跨平台 DoS 漏洞挖掘https://mp.weixin.qq.com/s/_KLheZMAFHNkP2R0tkU4aw漏洞集萃漏洞集萃2025-08-08T10:05:38如何通过一个逻辑漏洞爆赚9000$https://mp.weixin.qq.com/s/YlBJcDmUFQqC9dzl7jajXQ漏洞集萃漏洞集萃2025-08-07T17:32:44我把麦当劳从Uber Eats上“下架”了，Uber还奖励了我一笔赏金https://mp.weixin.qq.com/s/e8zMDK2EQpzqqhWePTGG_Q漏洞集萃漏洞集萃2025-08-06T17:59:05就点了一下，Yandex给了他赏金。这个P4漏洞简单到离谱https://mp.weixin.qq.com/s/JDCRrS7UxdHKvgbDP2B-RQ漏洞集萃漏洞集萃2025-08-04T11:50:50他随手点开一个失效链接，几分钟后，100欧元赏金到账了https://mp.weixin.qq.com/s/Qn66zNP-YDTmENXGeuz7Ig漏洞集萃漏洞集萃2025-07-31T10:37:57弱口令爆破总失败？那我建议您试下这招https://mp.weixin.qq.com/s/Tehg2ojMyJMEJD9bm8gKWw漏洞集萃漏洞集萃2025-07-29T11:55:48我震惊了！知名交易所的MFA，竟然只是一行JS代码？https://mp.weixin.qq.com/s/Ho3uJm4pMEdpoA1HzAjorQ漏洞集萃漏洞集萃2025-07-28T10:21:47逻辑漏洞 | “邀请功能”：一个被严重低估的攻击面”https://mp.weixin.qq.com/s/y8MQUtJBq7RgCJqC-9OWlQ漏洞集萃漏洞集萃2025-07-25T14:07:20无需点击，一张图片就能“偷”走你的GitLab账号！https://mp.weixin.qq.com/s/Szd4gTmSmvrKHRFm7cjOAQ漏洞集萃漏洞集萃2025-07-23T16:31:07紧急预警！你的电脑版微信，可能已被“监控”！一键自查，立刻修复！https://mp.weixin.qq.com/s/m6mDwzi9EZa5hwH0By27gA漏洞集萃漏洞集萃2025-07-22T17:25:04就改了一个参数，喜提$3000https://mp.weixin.qq.com/s/1aZ4duiXuN-ISMJkWQuXaw漏洞集萃漏洞集萃2025-07-22T09:58:46他是如何靠“复制粘贴”拿到自己第一个$150漏洞赏金的https://mp.weixin.qq.com/s/cWeC3DeuY01UII1yA--3_w漏洞集萃漏洞集萃2025-07-21T17:12:06只需一个请求，就能搞垮整个论坛？https://mp.weixin.qq.com/s/x_wG14MIgvdh3q53zQEUcQ漏洞集萃漏洞集萃2025-07-17T09:15:35一个被判“重复”的CSRF漏洞，如何最终斩获赏金？https://mp.weixin.qq.com/s/r-4PTvzi16LsgVdRMMPDZw漏洞集萃漏洞集萃2025-07-16T10:30:09就因API没做权限校验，他把别人的任务列表给删了，还赚了$5000https://mp.weixin.qq.com/s/ojRMbyS4JPp1M7OF5g01oQ漏洞集萃漏洞集萃2025-07-15T15:14:20最近刷屏的“微信XSS漏洞”原理是什么？https://mp.weixin.qq.com/s/4pGiN3CDk3B_9D6A9NxBRQ漏洞集萃漏洞集萃2025-07-14T15:16:45价值$1,000的XSShttps://mp.weixin.qq.com/s/DPPh1shn-mioaTDuw9Gg3g漏洞集萃漏洞集萃2025-07-14T09:12:55$3000 on TikTok Bug Bountyhttps://mp.weixin.qq.com/s/zx4uLJXRovhE8iUOZjeATg漏洞集萃漏洞集萃2025-07-13T06:24:21逻辑漏洞之皇帝的新衣https://mp.weixin.qq.com/s/aF31HMPJDjh83KHeUq4PAw漏洞集萃漏洞集萃2025-07-11T08:58:39WhatsApp登录绕过https://mp.weixin.qq.com/s/edC0DNvhl_tgopnm_F-xkw漏洞集萃漏洞集萃2025-07-10T14:47:46【真·生产力工具】白嫖一年 JetBrains 全家桶https://mp.weixin.qq.com/s/zCzEK27V0aR315EeVJxKXw漏洞集萃漏洞集萃2025-07-01T14:25:19深度揭秘：你点的“我不是机器人”，可能正在喂养一个庞大的黑暗广告科技帝国！https://mp.weixin.qq.com/s/5FTbEsvQGfuLC1cb-GqpTg漏洞集萃漏洞集萃2025-06-14T17:06:18如何通过BAC绕过邀请流程，并获得管理员权限的https://mp.weixin.qq.com/s/Wz_eeH3aJ30WeU_6rX7J3w漏洞集萃漏洞集萃2025-06-03T11:22:17Bypass 2FA，最终斩获6000美金https://mp.weixin.qq.com/s/ZNwuMCMYV5P6lveKq6hBbw漏洞集萃漏洞集萃2025-06-02T13:49:57价值12000美元的GitLab 中的 Git flag注入漏洞https://mp.weixin.qq.com/s/2MTJ_SWaq87TGUnNfVisQw漏洞集萃漏洞集萃2025-06-01T14:46:32价值€3500 的 SQL 注入https://mp.weixin.qq.com/s/W9IVIC1Eo7M5vVVfY6iduw漏洞集萃漏洞集萃2025-05-31T15:15:30预接管漏洞挖掘：条件竞争与逻辑缺陷的组合利用https://mp.weixin.qq.com/s/-rnHsNXY36pfAev4HXqKZA漏洞集萃漏洞集萃2025-05-30T16:56:55如何通过一个SSRF漏洞挖出百万用户数据https://mp.weixin.qq.com/s/jWahktKF3kF_JA-gD-l_eQ漏洞集萃漏洞集萃2025-05-29T15:39:32如何通过XSS接管 Microsoft 账户https://mp.weixin.qq.com/s/mmVn_yi7EXGgulhc39Qc3A漏洞集萃漏洞集萃2025-05-09T20:39:31一封“Google官方邮件”背后的真相：你可能也收到过！https://mp.weixin.qq.com/s/4voFdD8gpcKJrkSgsH2FUA漏洞集萃漏洞集萃2025-04-22T09:18:22如何发现AI chatbot 中的RCEhttps://mp.weixin.qq.com/s/0NCEV7dB8bJUrTn-deZo8g漏洞集萃漏洞集萃2025-04-14T22:59:25价值 $25,000 的hackerone 漏洞https://mp.weixin.qq.com/s/B6ChUvw3CWJd6RNZ2s4IWQ“一次升级，引发一场严重的数据泄露；一位研究者，在漏洞公开90分钟内精准捕捉异常，换来$25,000赏金。”漏洞集萃漏洞集萃2025-04-13T18:57:08价值2500$ 的缓存投毒与 XSS 联动https://mp.weixin.qq.com/s/EtWMB-rvwltwSLlZo1M2fg漏洞详情话不多说，我们直接深入了解这个漏洞。我受邀参加了HackerOne上的一个私人项目，这里我们暂且称其为company.com。漏洞集萃漏洞集萃2025-04-01T11:32:04单个Web应用程序的4500美元漏洞赏金（API Hacking）https://mp.weixin.qq.com/s/Waa2zZCwisImD-5isjA1Tw引言嗨，又是我。在这篇文章中，我将讲述两个月前我在一个Web应用程序上发现的四个漏洞（一个严重漏洞和三个中等严重程度的漏洞）。漏洞集萃漏洞集萃2025-03-30T09:37:402500 美元漏洞赏金：破解 GraphQLhttps://mp.weixin.qq.com/s/dXFRqCqY5iUq4orX7JE8Yw在这篇文章中，我将分享自己在 GraphQL API 应用中发现多个漏洞的学习过程和经验。漏洞集萃漏洞集萃2025-03-29T21:40:13$3362 ——远程代码执行漏洞https://mp.weixin.qq.com/s/P3VBLnAXaeOQ7rmnPYfPhg漏洞集萃漏洞集萃2025-02-27T12:08:01$1020 IDOR漏洞https://mp.weixin.qq.com/s/pecvwFb4tv4JBu8EN2c9zg漏洞集萃漏洞集萃2025-02-25T13:23:25WhatsApp bugbunty 1000$https://mp.weixin.qq.com/s/oLJ_CNL_U_RpHyNl1YYV3Q漏洞集萃漏洞集萃2025-02-19T12:04:52轻而易举的两个赏金漏洞 $200https://mp.weixin.qq.com/s/OmwbtG81XJfTD9oYJYiFng漏洞集萃漏洞集萃2025-02-18T13:32:44Applexa0漏洞bugbuntyxa0 $ 15Khttps://mp.weixin.qq.com/s/mwVbwfN4WCg_rDnV4yNUEA漏洞集萃漏洞集萃2025-02-17T13:43:57Paypal漏洞 $10Khttps://mp.weixin.qq.com/s/2jGwjJtR8ztKYzx3VnD5Gw漏洞集萃漏洞集萃2025-02-15T12:33:02价值1000$的SQL注入漏洞https://mp.weixin.qq.com/s/9Wq-X3BDMI8QIvk0DdM7zA漏洞集萃漏洞集萃2025-02-13T14:42:33$100 轻松赏金 p4 漏洞 :)https://mp.weixin.qq.com/s/rrohcGeedo_smjoANEzpyQ漏洞集萃漏洞集萃2025-02-02T16:50:33API中不当的访问控制导致订单篡改漏洞，获得$3,900赏金https://mp.weixin.qq.com/s/IStvrCwnoGAzQguSSnonPw漏洞集萃漏洞集萃2025-02-01T10:29:45绕过HackerOne的2FA要求及报告者黑名单漏洞https://mp.weixin.qq.com/s/LPb1F0gTM__Hl_x9zFNMnA漏洞集萃漏洞集萃2025-01-31T16:42:23如何发现图片中的EXIF元数据泄漏https://mp.weixin.qq.com/s/iTZSfUznu734UTPUrr6Dmw漏洞集萃漏洞集萃2025-01-30T12:05:57简单的GraphQL SSRF漏洞赚取了3,000美元https://mp.weixin.qq.com/s/NfQ5sPG-vsB7nx-JkgwgLw漏洞集萃漏洞集萃2025-01-27T14:29:42通过 PNG 和奇怪的内容类型在 Facebook 上实现 XSShttps://mp.weixin.qq.com/s/CHKacNf20I1p3a-k0iLnSQ漏洞集萃漏洞集萃2025-01-03T10:31:12Uber平台的漏洞连环攻防战https://mp.weixin.qq.com/s/Mx3Zu2j1EefsiKzumeEdRw漏洞集萃漏洞集萃2025-01-01T22:39:28如何用一个漏洞删除Google Gallery的数据https://mp.weixin.qq.com/s/EnJX8u4T4OCkcXfE5pFWaw漏洞集萃漏洞集萃2024-12-31T19:24:07如何通过跨站脚本攻击（XSS）发现账号接管（ATO）漏洞https://mp.weixin.qq.com/s/ADj6s2HQ33UK98EtlcNrzQ漏洞集萃漏洞集萃2024-12-30T19:56:55发现谷歌的 IDOR 漏洞，并获得了3133.70 美元赏金https://mp.weixin.qq.com/s/oyNh9uKj6taDDjTxndeN-A漏洞集萃漏洞集萃2024-12-29T17:34:38如何在漏洞赏金计划中发现关键漏洞并赚取$4,000https://mp.weixin.qq.com/s/wn55fcSfqkjtuRFTYPzfzQ漏洞集萃漏洞集萃2024-12-28T06:06:27价值1200$的访问控制失效漏洞https://mp.weixin.qq.com/s/zwHFEtRPcOTkwg_rk3Sb8A安全声明：本公众号文章中涉及的技术（漏洞）仅用于安全研究与教学，若读者将其作他用，将由读者承担全部法律及连带责漏洞集萃漏洞集萃2024-08-24T16:34:30