reddelexc/hackerone-reports

GitHub: reddelexc/hackerone-reports

A curated collection of top publicly disclosed vulnerability reports from the HackerOne platform, organized by vulnerability type and target vendor, providing high-quality learning cases for security research and penetration testing.

Stars: 5362 | Forks: 961

Curated HackerOne reports. The raw information for all reports is stored in `data.csv`. The scripts used to update this file are written in Python 3 and require the `chromedriver` and `Chromium` executables to be on `PATH`. Each script contains some notes on how it works.

Order in which to run the scripts:

1. `fetcher.py`
2. `uniquer.py`
3. `filler.py`
4. `rater.py`

Tops 100.

- [Top 100 upvoted reports](tops_100/TOP100UPVOTED.md)
- [Top 100 paid reports](tops_100/TOP100PAID.md)

Tops by bug type.

- [Top XSS reports](tops_by_bug_type/TOPXSS.md)
- [Top XXE reports](tops_by_bug_type/TOPXXE.md)
- [Top CSRF reports](tops_by_bug_type/TOPCSRF.md)
- [Top IDOR reports](tops_by_bug_type/TOPIDOR.md)
- [Top RCE reports](tops_by_bug_type/TOPRCE.md)
- [Top SQLi reports](tops_by_bug_type/TOPSQLI.md)
- [Top SSRF reports](tops_by_bug_type/TOPSSRF.md)
- [Top Race Condition reports](tops_by_bug_type/TOPRACECONDITION.md)
- [Top Subdomain Takeover reports](tops_by_bug_type/TOPSUBDOMAINTAKEOVER.md)
- [Top Open Redirect reports](tops_by_bug_type/TOPOPENREDIRECT.md)
- [Top Clickjacking reports](tops_by_bug_type/TOPCLICKJACKING.md)
- [Top DoS reports](tops_by_bug_type/TOPDOS.md)
- [Top OAuth reports](tops_by_bug_type/TOPOAUTH.md)
- [Top Account Takeover reports](tops_by_bug_type/TOPACCOUNTTAKEOVER.md)
- [Top Business Logic reports](tops_by_bug_type/TOPBUSINESSLOGIC.md)
- [Top REST API reports](tops_by_bug_type/TOPAPI.md)
- [Top GraphQL reports](tops_by_bug_type/TOPGRAPHQL.md)
- [Top Information Disclosure reports](tops_by_bug_type/TOPINFODISCLOSURE.md)
- [Top Web Cache reports](tops_by_bug_type/TOPWEBCACHE.md)
- [Top SSTI reports](tops_by_bug_type/TOPSSTI.md)
- [Top Upload reports](tops_by_bug_type/TOPUPLOAD.md)
- [Top HTTP Request Smuggling reports](tops_by_bug_type/TOPREQUESTSMUGGLING.md)
- [Top OpenID reports](tops_by_bug_type/TOPOPENID.md)
- [Top Mobile reports](tops_by_bug_type/TOPMOBILE.md)
- [Top File Reading reports](tops_by_bug_type/TOPFILEREADING.md)
- [Top Authorization Bypass reports](tops_by_bug_type/TOPAUTHORIZATION.md)
- [Top Authentication Bypass reports](tops_by_bug_type/TOPAUTH.md)
- [Top MFA reports](tops_by_bug_type/TOPMFA.md)

Tops by program.

- [Top Mail.ru reports](tops_by_program/TOPMAILRU.md)
- [Top HackerOne reports](tops_by_program/TOPHACKERONE.md)
- [Top Shopify reports](tops_by_program/TOPSHOPIFY.md)
- [Top Nextcloud reports](tops_by_program/TOPNEXTCLOUD.md)
- [Top Twitter reports](tops_by_program/TOPTWITTER.md)
- [Top X / xAI reports](tops_by_program/TOPXXAI.md)
- [Top Uber reports](tops_by_program/TOPUBER.md)
- [Top Node.js reports](tops_by_program/TOPNODEJSTHIRDPARTYMODULES.md)
- [Top shopify-scripts reports](tops_by_program/TOPSHOPIFYSCRIPTS.md)
- [Top Legal Robot reports](tops_by_program/TOPLEGALROBOT.md)
- [Top U.S. Dept of Defense reports](tops_by_program/TOPUSDEPTOFDEFENSE.md)
- [Top Gratipay reports](tops_by_program/TOPGRATIPAY.md)
- [Top Weblate reports](tops_by_program/TOPWEBLATE.md)
- [Top VK.com reports](tops_by_program/TOPVKCOM.md)
- [Top New Relic reports](tops_by_program/TOPNEWRELIC.md)
- [Top LocalTapiola reports](tops_by_program/TOPLOCALTAPIOLA.md)
- [Top Zomato reports](tops_by_program/TOPZOMATO.md)
- [Top Slack reports](tops_by_program/TOPSLACK.md)
- [Top ownCloud reports](tops_by_program/TOPOWNCLOUD.md)
- [Top GitLab reports](tops_by_program/TOPGITLAB.md)
- [Top Ubiquiti Inc. reports](tops_by_program/TOPUBIQUITIINC.md)
- [Top Automattic reports](tops_by_program/TOPAUTOMATTIC.md)
- [Top Coinbase reports](tops_by_program/TOPCOINBASE.md)
- [Top Verizon Media reports](tops_by_program/TOPVERIZONMEDIA.md)
- [Top Starbucks reports](tops_by_program/TOPSTARBUCKS.md)
- [Top Paragon Initiative Enterprises reports](tops_by_program/TOPPARAGONINITIATIVEENTERPRISES.md)
- [Top PHP (IBB) reports](tops_by_program/TOPPHP(IBB).md)
- [Top Brave Software reports](tops_by_program/TOPBRAVESOFTWARE.md)
- [Top Vimeo reports](tops_by_program/TOPVIMEO.md)
- [Top OLX reports](tops_by_program/TOPOLX.md)
- [Top concrete5 reports](tops_by_program/TOPCONCRETE5.md)
- [Top Phabricator reports](tops_by_program/TOPPHABRICATOR.md)
- [Top Pornhub reports](tops_by_program/TOPPORNHUB.md)
- [Top Localize
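The pipeline above stores every scraped report in `data.csv`, deduplicates it (`uniquer.py`), and ranks it (`rater.py`) into the top lists linked here. The following is an added example, not code from reddelexc/hackerone-reports, showing how the deduplicate-and-rank stages can be implemented over a constructed `data.csv` sample. The column names (`title`, `link`, `program`, `upvotes`, `bounty`), the keyword-based bug-type classifier and the rendered Markdown format are all assumptions for illustration; the real scripts may differ, and the fetching stage (chromedriver/Chromium) is deliberately left out so this runs offline.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample in an assumed data.csv layout; the real column names in the
# project are not shown on this page. Row 2 is a deliberate duplicate of row 1.
SAMPLE_CSV = """\
title,link,program,upvotes,bounty
"Stored XSS in profile name",https://hackerone.com/reports/1001,ExampleCorp,120,2500.0
"Stored XSS in profile name",https://hackerone.com/reports/1001,ExampleCorp,120,2500.0
"SSRF via webhook URL",https://hackerone.com/reports/1002,ExampleCorp,340,10000.0
"IDOR leaks invoices",https://hackerone.com/reports/1003,OtherCo,80,500.0
"Account takeover through OAuth state reuse",https://hackerone.com/reports/1004,OtherCo,210,7500.0
"Open redirect on login",https://hackerone.com/reports/1005,ExampleCorp,15,0.0
"""

# Hypothetical bug-type classifier: case-insensitive keyword patterns over the
# report title. A single report may legitimately land in several categories.
BUG_TYPE_PATTERNS = {
    "XSS": r"\bxss\b|cross[- ]site scripting",
    "SSRF": r"\bssrf\b|server[- ]side request forgery",
    "IDOR": r"\bidor\b|insecure direct object",
    "OAuth": r"\boauth\b",
    "Account Takeover": r"account takeover|\bato\b",
    "Open Redirect": r"open redirect",
}


def parse_reports(csv_text):
    """Parse CSV text into dicts, coercing upvotes/bounty to numbers."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        row["upvotes"] = int(row["upvotes"])
        row["bounty"] = float(row["bounty"])
        rows.append(row)
    return rows


def unique_reports(rows):
    """The 'uniquer' stage: keep the first row per report link (the stable id)."""
    seen, out = set(), []
    for r in rows:
        if r["link"] in seen:
            continue
        seen.add(r["link"])
        out.append(r)
    return out


def classify(title):
    """Return every bug type whose pattern matches the title, in table order."""
    t = title.lower()
    return [name for name, pat in BUG_TYPE_PATTERNS.items() if re.search(pat, t)]


def top_n(rows, key, n=100):
    """The 'rater' stage: rank by key descending, ties broken by upvotes."""
    return sorted(rows, key=lambda r: (r[key], r["upvotes"]), reverse=True)[:n]


def tops_by_bug_type(rows, n=100):
    """Group reports by classified bug type and rank each group by upvotes."""
    groups = defaultdict(list)
    for r in rows:
        for bug_type in classify(r["title"]):
            groups[bug_type].append(r)
    return {bt: top_n(g, "upvotes", n) for bt, g in groups.items()}


def render_markdown(heading, rows):
    """Render a ranked list as Markdown (format assumed, not the project's)."""
    lines = [f"# {heading}", ""]
    for i, r in enumerate(rows, 1):
        lines.append(f"{i}. [{r['title']}]({r['link']}) to {r['program']} - "
                     f"{r['upvotes']} upvotes, ${r['bounty']:.2f}")
    return "\n".join(lines)


def build_tops(csv_text):
    """Run uniquer + rater over CSV text and return the three kinds of top list."""
    rows = unique_reports(parse_reports(csv_text))
    return {
        "upvoted": top_n(rows, "upvotes"),
        "paid": top_n(rows, "bounty"),
        "by_bug_type": tops_by_bug_type(rows),
    }


if __name__ == "__main__":
    tops = build_tops(SAMPLE_CSV)
    print(render_markdown("Top upvoted", tops["upvoted"]))
    print()
    print(render_markdown("Top paid", tops["paid"]))
```

Deduplicating on the report link rather than the title matters: identical titles on different reports are common (the same bug class filed against several programs), while the `hackerone.com/reports/<id>` URL is unique per report.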
Tags: API security, BeEF, Bug Bounty, Chromedriver, CISA projects, CSRF, CVE, GraphQL, HackerOne, HTTP request smuggling, IDOR, JSON output, OAuth, Python, RCE, Selenium, SSRF, SSTI, web security, Windows kernel, XSS, XXE, business logic vulnerabilities, information disclosure, curated lists, customizable parsers, subdomain takeover, security reports, real-world cases, open redirect, authorization bypass, digital signatures, file upload, file reading, no backdoor, race conditions, vulnerability analysis, vulnerability intelligence, vulnerability disclosure, clickjacking, crawlers, e-books, white hat, directory enumeration, mobile security, cache poisoning, cyber security, blue team analysis, account takeover, path probing, hardening, privacy protection