ICQ


reports in last 90 days

26

disclosed resolved issues

3

disclosed informative issues

2

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

Bug Title Bug Type Found By Report Info Report Status

Medium Code Injection in macOS Desktop Client

Code Injection protex0r Time to triage: 0 Days and 19 hours


Time to close: 43 Days and 0 hours
Resolved

None ICQ for macOS: lack of `com.apple.quarantine` meta-attribute on downloaded files leads to GateKeeper/Quarantine bypass for downloaded executables

Phishing metnew Time to triage: 0 Days and 1 hours


Time to close: 68 Days and 21 hours
Resolved

None Uploading a PNG bomb that starts a DDoS attack on the Stickers bot.

None supplied iframe Time to triage: 0 Days and 15 hours


Time to close: 55 Days and 2 hours
Resolved

High web.icq.com XSS in chat message via contact info

Cross-site Scripting (XSS) - Stored superboyxxx Time to triage: 0 Days and 12 hours


Time to close: 13 Days and 3 hours
Resolved

High XSS web.icq.com double linkify

Cross-site Scripting (XSS) - Stored shafigullin Time to triage: 0 Days and 0 hours


Time to close: 21 Days and 3 hours
Resolved

High [web.icq.com] Stored XSS in "About Contact"

Cross-site Scripting (XSS) - Stored n4sty Time to triage: 0 Days and 0 hours


Time to close: 4 Days and 23 hours
Resolved

High Stored xss on message reply

Cross-site Scripting (XSS) - Stored n4sty Time to triage: 1 Days and 12 hours


Time to close: 5 Days and 5 hours
Resolved

None build.sh found on webagent.mail.ru

Information Disclosure artebels Time to triage: 0 Days and 17 hours


Time to close: 1 Days and 4 hours
Resolved

Medium SSRF on api.icq.net

Server-Side Request Forgery (SSRF) theappsec Time to triage: 0 Days and 13 hours


Time to close: 165 Days and 7 hours
Resolved

None Stored XSS in api.icq.net

Phishing cheatboss Time to triage: 6 Days and 2 hours


Time to close: 12 Days and 23 hours
Resolved

Medium Bypass security fixes by downgrading version of application

Reliance on Untrusted Inputs in a Security Decision ruvlol Time to triage: 0 Days and 14 hours


Time to close: 35 Days and 5 hours
Resolved

Low Error in processing gif images

None supplied z0rr0 Time to triage: 0 Days and 3 hours


Time to close: 38 Days and 15 hours
Resolved

High ICQ 10.0.12371 icq: Uri Handler '-testability' URL File Insecure Library Loading Code Execution Vulnerability

Code Injection bigshape Time to triage: 28 Days and 5 hours


Time to close: 31 Days and 21 hours
Resolved

Medium easyXDM allows cross domain postmessaging with any origin, leaking sensitive info

Improper Access Control - Generic ruvlol Time to triage: 155 Days and 3 hours


Time to close: 1 Days and 23 hours
Resolved

High [web.icq.com] Stored XSS in link when sending message

Cross-site Scripting (XSS) - Stored flamezzz Time to triage: 0 Days and 11 hours


Time to close: 10 Days and 5 hours
Resolved

High XSS when adding a user to a chat

Cross-site Scripting (XSS) - Reflected n4sty Time to triage: 0 Days and 0 hours


Time to close: 10 Days and 21 hours
Resolved

High Stored xss in a forwarded message.

Cross-site Scripting (XSS) - Stored executor Time to triage: 25 Days and 17 hours


Time to close: 41 Days and 6 hours
Resolved

Medium Gain access to random information via group chat "about" property

Information Disclosure 3c75 Time to triage: 0 Days and 3 hours


Time to close: 86 Days and 17 hours
Resolved

No rating XSS on New contact

None supplied rootbakar_ Issue was not triaged


Time to close: 0 Days and 0 hours
Informative

Medium api.icq.com / ability to view the avatar and name of a private chat

None supplied iframe Time to triage: 6 Days and 6 hours


Time to close: 97 Days and 18 hours
Resolved

Medium XSS at https://icq.com/people

Cross-site Scripting (XSS) - Stored s3r3n3storm Time to triage: 0 Days and 13 hours


Time to close: 37 Days and 6 hours
Resolved

Medium Obtaining all ICQ domains and subdomains via amazonaws.com [config,txt]

None supplied iframe Issue was not triaged


Time to close: 0 Days and 8 hours
Informative

Medium api.icq.com / ability to join any chat (even a closed one).

None supplied iframe Time to triage: 14 Days and 12 hours


Time to close: 8 Days and 22 hours
Resolved

No rating The auth token does not expire on logging out and even after logging out all sessions

Session Fixation whitehattushu Time to triage: 0 Days and 1 hours


Time to close: 7 Days and 17 hours
Resolved

None api.icq.com / ability to message anyone (even icqsystem)

None supplied iframe Time to triage: 0 Days and 17 hours


Time to close: 2 Days and 18 hours
Not-applicable