VK.com - HackerOne Reports
Total Reports: 163
Critical: 7
High: 30
Medium: 38
Low: 38
Two-step authentication bypass / 2FA Bypass
Reported by:
povargek
|
Disclosed:
Weakness: Improper Authentication - Generic
Bounty: $1000.00
Page replacement and redirect loop
Reported by:
tohasec
|
Disclosed:
Weakness: Violation of Secure Design Principles
Able to intercept app Traffic after choosing up the Secured Connection using SSL (HTTPS)
Reported by:
bugwrangler
|
Disclosed:
Weakness: Information Disclosure
Bounty: $100.00
Viewing likes and reposts of a photo that is in a private album
Reported by:
tohasec
|
Disclosed:
Weakness: Violation of Secure Design Principles
No flood control on the "Request money" function in VK Pay. Flooding a user on the friends list with notifications and messages.
Reported by:
zelenskyy
|
Disclosed:
Low
Bounty: $100.00
Learning a private group's name and avatar from a video clip.
Reported by:
circuit
|
Disclosed:
Low
Bounty: $100.00
XSS in products (Market listings)
Reported by:
circuit
|
Disclosed:
High
Bounty: $1000.00
Posting on any user's wall on their behalf if they follow a link. https://vk.com/al_video.php
Reported by:
circuit
|
Disclosed:
Medium
Weakness: Privilege Escalation
Bounty: $200.00
Backup Source Code Detected
Reported by:
linkks
|
Disclosed:
Critical
Weakness: Information Disclosure
Bypassing 2FA and/or obtaining an access_token if we have ever been logged into the victim's account
Reported by:
povargek
|
Disclosed:
Medium
Weakness: Improper Authentication - Generic
Bounty: $300.00
New (old, upgraded) hacking: bringing democracy to everything on VKontakte (XSS - in English)
Reported by:
yango
|
Disclosed:
Critical
Weakness: Cross-site Scripting (XSS) - Stored
Reflected XSS in m.vk.com/chatjoin
Reported by:
executor
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $500.00
XSS in comments posted on behalf of a community
Reported by:
flyink
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - DOM
[VK Android] Access to app protected components leads to arbitrary code execution
Reported by:
bagipro
|
Disclosed:
Local file disclosure via FFmpeg HLS processing
Reported by:
neex
|
Disclosed:
Weakness: Information Disclosure
Bounty: $1000.00
Disclosure of private documents' file names
Reported by:
zhumarin
|
Disclosed:
Medium
Weakness: Privacy Violation
Obtaining the name and avatar (50x50) of a private group.
Reported by:
azimoff
|
Disclosed:
Low
Weakness: Information Disclosure
Bounty: $100.00
Minor vulnerability in link handling
Reported by:
qwe
|
Disclosed:
Low