ok.ru - HackerOne Reports
Total Reports: 21
Critical: 8
High: 4
Medium: 2
Low: 2
Stored XSS in private messages, new location
Reported by:
circuit
|
Disclosed:
Critical
Purchase => download of songs that are not intended for sale
Reported by:
4lemon
|
Disclosed:
Xss in m.ok.ru
Reported by:
hamooda_anonphantom
|
Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Privilege Escalation: deleting all created links from okl.lt
Reported by:
iframe
|
Disclosed:
Critical
Weakness: Privilege Escalation
XSS in private messages
Reported by:
circuit
|
Disclosed:
High
Blind SQL Injection
Reported by:
linkks
|
Disclosed:
Critical
Weakness: SQL Injection
Privacy violation for attachments in messages.
Reported by:
iframe
|
Disclosed:
High
Weakness: Privacy Violation
[insideok.ru] Remote Command Execution via file upload.
Reported by:
iframe
|
Disclosed:
Critical
Weakness: Command Injection - Generic
[okmedia.insideok.ru] Web Cache Poisoning & XSS
Reported by:
iframe
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
cross site scripting in the blog
Reported by:
cyberboy
|
Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
[insideok.ru] Database Dump
Reported by:
bigbear_
|
Disclosed:
High
Weakness: Improper Authentication - Generic
Free VIP gifts without subscribing to the VIP service
Reported by:
isaeva
|
Disclosed:
Medium
[okl.lt] Disclosure of administrator functions in .js + ability to use these functions.
Reported by:
iframe
|
Disclosed:
Critical
Weakness: Privilege Escalation
http://217.20.144.201 privilege escalation in apache tomcat SessionExample-script
Reported by:
mthirup
|
Disclosed:
Weakness: Privilege Escalation
Very severe XSS in private messages on m.ok.ru
Reported by:
circuit
|
Disclosed:
Critical
Weakness: Cross-site Scripting (XSS) - Stored
Cisco ASA Denial of Service & Path Traversal (CVE-2018-0296)
Reported by:
linkks
|
Disclosed:
Critical
Bypass of private profile features, gaining the ability to comment on and view private gifts
Reported by:
isaeva
|
Disclosed:
Medium
Missing CSRF token on the Private Profile feature.
Reported by:
iframe
|
Disclosed:
Critical
Weakness: Cross-Site Request Forgery (CSRF)
Stored XSS in the song name (2) on the payment gateway.
Reported by:
4lemon
|
Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
web.xml configuration file disclosure
Reported by:
linkks
|
Disclosed:
Low
Weakness: Information Disclosure