Joomla 权限提升漏洞(CVE-2016-9838)分析
http://paper.seebug.org/152/

使用Hashcat破解外国字符构成的密码的终极指南
http://drops.wiki/index.php/2016/12/21/hashcat/

A collection of JavaScript engine CVEs with PoCs
https://github.com/tunz/js-vuln-db

使用docker搭建开发环境
https://segmentfault.com/a/1190000007875949

在application/json,application/javascript等Response下进行XSS
http://www.91ri.org/16545.html

thinksns(Arbitrary file upload)
http://www.91ri.org/16550.html

Dnsteal:一个利用DNS请求传输文件的工具
http://www.mottoin.com/94437.html

Bottle HTTP 头注入漏洞探究
https://www.leavesongs.com/PENETRATION/bottle-crlf-cve-2016-9964.html