七月份文章收藏

HTML缩小的潜在XSS漏洞

https://hackerone.com/reports/24684

 

node.js 目录遍历

https://hackerone.com/reports/358645

--path-as-is    Do not squash .. sequences in URL path

curl 中 --path-as-is 选项的意思是在不要压缩URL路径中的 .. 符号

serve包介绍:https://www.npmjs.com/package/serve

 

内容注入

https://hackerone.com/reports/144104

用户或攻击者能够将其文本注入错误页面,并且可以捕获用户访问恶意站点。

 

 

图片xss

https://hackerone.com/reports/72526

"><img src="x" onerror=alert(cookie)>.png

 

 

header头攻击

https://hackerone.com/reports/137181

 

 

NGINX alias错误配置可任意读取

https://hackerone.com/reports/317201

https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md

https://www.leavesongs.com/PENETRATION/nginx-insecure-configuration.html

posted @ 2018-07-09 03:49  ihoneysec  阅读(225)  评论(0编辑  收藏  举报