July article bookmarks
Potential XSS vulnerability in HTML minification
https://hackerone.com/reports/24684

node.js directory traversal
https://hackerone.com/reports/358645
--path-as-is Do not squash .. sequences in URL path
In curl, the --path-as-is option means the .. sequences in the URL path are not squashed.
About the serve package: https://www.npmjs.com/package/serve

Content injection
https://hackerone.com/reports/144104
A user or attacker can inject their own text into the error page, which can be used to lure users into visiting a malicious site.

Image XSS
https://hackerone.com/reports/72526
"><img src="x" onerror=alert (cookie )>.png

Header attack
https://hackerone.com/reports/137181

NGINX alias misconfiguration allows arbitrary file read
https://hackerone.com/reports/317201
https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md