• DNS hijacking using cloud providers

DNS SPF Record Spoofing

• paper
• hackerone case

unicode vulnerability

• Phishing Attack

Autobinding vulns

• Spring MVC
• case

cross-domain login detection code

• X-Frame-Options (XFO) Detection from Javascript
• old vector

QRLJacking

• QRLJacking

abuse normal function

• Steal Money by normal function
• PRMitM attack

cross protocol script

• Trying to hack Redis via HTTP requests
• case ssrf + urllib injection+cross protocol script+python unserialize

CORS misconfiguration

日志记录

Race Condition

• 刷钱漏洞

IE Text/Plain

IE MIME Sniffing