Exploiting setbuf in CTF PWN Challenges
http://0x48.pw/2017/11/11/0x3D/

HITCON2017 Writeup Roundup
https://lorexxar.cn/2017/11/10/hitcon2017-writeup/

API Security: CSRF
https://xianzhi.aliyun.com/forum/topic/1497/

Stored XSS on a PayPal Subdomain
http://firstsight.me/fia07a53c4ec63d2b0d47fe27ea2645d82f8c98648/[ENG]%20PayPal%20-%20Turning%20Self-XSS%20into%20non-Self%20Stored-XSS%20via%20Authorization%20Issue.pdf
Video demo: https://www.youtube.com/watch?v=XwynfNOxIlI