[Reddit, $500] Third-party applications can use inAppBrowser to steal access tokens as well as protected files https://hackerone.com/reports/1122177
[Reddit, $500] Race condition leads to coin inflation when purchasing via the Google Play Store at the endpoint https://oauth.reddit.com/api/v2/gold/android/verify_purchase https://hackerone.com/reports/801743
[Reddit, $500] Image queue default key of 'None' and GraphQL unhandled type exception https://hackerone.com/reports/996041
[Reddit, $100] An outsider can influence the Upvote Percentage of posts in a private subreddit by calling the /api/vote API https://hackerone.com/reports/1298902
GitLab CE CVE-2021-22205 in the wild https://security.humanativaspa.it/gitlab-ce-cve-2021-22205-in-the-wild/
CVE-2021-22205 https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2021/CVE-2021-22205.yaml
https://github.com/RedTeamWing/CVE-2021-22205/
Decoding Facebook's GraphQL API schema https://github.com/CajuM/fb-graphql-schema