国内

渗透测试 | 某商城前台SQL注入漏洞测试

https://www.freebuf.com/articles/web/386084.html

对某登录站点的JS前端逆向思路

https://www.freebuf.com/articles/web/385280.html

被忽视的暗面：客户端应用漏洞挖掘之旅

https://bbs.kanxue.com/thread-279951.htm

国外

Remote Code execution at ws1.aholdusa.com — Compromising logins of Ahold Delhaize USA employees for >3.5 years (or even 18 years?)

https://medium.com/@jonathanbouman/remote-code-execution-at-ws1-aholdusa-com-compromising-logins-of-ahold-delhaize-usa-employees-c7c9aca7e05d

Gaining Admin Access via GraphQL

https://medium.com/@ashlyn.lau_17206/gaining-admin-access-via-graphql-95255372afa0

Unveiling Privilege Escalation and Sensitive Data Exposure across the Domain

https://medium.com/@javroot/privilege-escalation-and-sensitive-data-exposure-all-domain-cbfdc1e437e0

每周一9点发布精选内容。

每周三9点发布翻译内容。

更多安全资讯，请关注微信公众号：安全虫。

每周坚持学习与分享，觉得文章对你有帮助可在底部给点个“在看”。