VK.com - HackerOne Reports
Total Reports: 163
Critical: 7
High: 30
Medium: 38
Low: 38
Clickjacking vkpay
Reported by:
0x3c3e
|
Disclosed:
Medium
Weakness: UI Redressing (Clickjacking)
Open redirect on the mobile version of VKontakte (m.vk.com
Reported by:
executor
|
Disclosed:
Medium
Weakness: Open Redirect
Bounty: $300.00
HTML Injection possible due to bad filter
Reported by:
jackb898
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Generic
Missing Server Side Rate Limiting can Lead to VK Account Take over
Reported by:
mkap
|
Disclosed:
Weakness: Violation of Secure Design Principles
Bounty: $400.00
Learning several digits of a user's phone number (SMS flooding is possible) after obtaining their remixsid and user ID just once, and setting users offline.
Reported by:
povargek
|
Disclosed:
High
Weakness: Insufficient Session Expiration
Bounty: $300.00
XSS in private messages
Reported by:
vladvis
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
Viewing attachments of a deleted message.....
Reported by:
executor
|
Disclosed:
Low
Weakness: Information Disclosure
Bounty: $200.00
Viewing info on the page of a user or group that has added you to their blacklist
Reported by:
pisarenko
|
Disclosed:
Low
Weakness: Information Disclosure
Bounty: $200.00
Disclosure of a private group's name via the old photo viewer box.
Reported by:
executor
|
Disclosed:
Medium
Weakness: Information Disclosure
Bounty: $100.00
Possibility of conducting a DoS attack on behalf of the vk.com server
Reported by:
denispugachev
|
Disclosed:
Viewing likes and reposts of a photo that is in a private album
Reported by:
tohasec
|
Disclosed:
Weakness: Violation of Secure Design Principles
XSS in products
Reported by:
circuit
|
Disclosed:
High
Bounty: $1000.00
Stored XSS in a VK group
Reported by:
sql
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $500.00
Bypassing 2FA and/or obtaining an access_token if we have ever been on the victim's account
Reported by:
povargek
|
Disclosed:
Medium
Weakness: Improper Authentication - Generic
Bounty: $300.00
[VK Android] Access to app protected components leads to arbitrary code execution
Reported by:
bagipro
|
Disclosed:
local file disclosure via FFmpeg hls processing
Reported by:
neex
|
Disclosed:
Weakness: Information Disclosure
Bounty: $1000.00
Disclosure of the file names of private documents
Reported by:
zhumarin
|
Disclosed:
Medium
Weakness: Privacy Violation
Mini-vulnerability in link handling
Reported by:
qwe
|
Disclosed:
Low