Mailru


reports in last 90 days

421

disclosed resolved issues

12

disclosed informative issues

5

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

Bug Title Bug Type Found By Report Info Report Status

None Exposed source code

Information Disclosure linkks Time to triage: 0 Days and 0 hours


Time to close: 48 Days and 19 hours
Resolved

Medium Publicly Accessible HashiCorp Consul

Improper Access Control - Generic l33tcyberops Time to triage: 0 Days and 0 hours


Time to close: 3 Days and 8 hours
Resolved

None [health.mail.ru] Disclosure of SSI scripts

Information Disclosure bobrov Time to triage: 0 Days and 0 hours


Time to close: 422 Days and 22 hours
Resolved

No rating Web Cache Poisoning

Cross-site Scripting (XSS) - Stored linkks Time to triage: 0 Days and 0 hours


Time to close: 70 Days and 1 hours
Resolved

Low [screenshot.mail.ru] CRLF Injection

CRLF Injection bobrov Time to triage: 1 Days and 14 hours


Time to close: 4 Days and 2 hours
Resolved

Low Blind SSRF [ Sentry Misconfiguration ]

Server-Side Request Forgery (SSRF) elmahdi Time to triage: 0 Days and 0 hours


Time to close: 13 Days and 19 hours
Resolved

Medium [special.mail.ru] Information Disclosure

Information Disclosure bobrov Time to triage: 0 Days and 0 hours


Time to close: 9 Days and 20 hours
Resolved

Medium Avatar upload allows arbitrary file overwriting

Path Traversal taraszelyk Time to triage: 0 Days and 1 hours


Time to close: 9 Days and 3 hours
Resolved

Low Disable 2FA via CSRF (Leads to 2FA Bypass)

Cross-Site Request Forgery (CSRF) the_predator Time to triage: 0 Days and 7 hours


Time to close: 27 Days and 3 hours
Resolved

None SVN repository

Information Disclosure linkks Time to triage: 0 Days and 0 hours


Time to close: 4 Days and 22 hours
Resolved

Medium XSS

Cross-site Scripting (XSS) - Generic linkks Time to triage: 0 Days and 14 hours


Time to close: 87 Days and 3 hours
Resolved

None phpinfo

Information Disclosure linkks Time to triage: 0 Days and 0 hours


Time to close: 39 Days and 3 hours
Resolved

Low CSRF on submitting a question on [games.mail.ru]

Cross-Site Request Forgery (CSRF) xaleraf4ra Time to triage: 18 Days and 23 hours


Time to close: 3 Days and 0 hours
Resolved

Low Path Traversal When Sharing with Cloud Mail.Ru App via a file with Crafted Name

Path Traversal heeeeen Time to triage: 0 Days and 4 hours


Time to close: 84 Days and 1 hours
Resolved

None xss

Cross-site Scripting (XSS) - Reflected linkks Time to triage: 0 Days and 0 hours


Time to close: 59 Days and 23 hours
Resolved

Medium [auto.mail.ru] IDOR allowing editing of any user's post.

Insecure Direct Object Reference (IDOR) penlab Time to triage: 1 Days and 11 hours


Time to close: 8 Days and 3 hours
Resolved

Medium Xss Reflected On spgw.terrhq.ru [ url ]

Cross-site Scripting (XSS) - Reflected elmahdi Time to triage: 1 Days and 2 hours


Time to close: 16 Days and 19 hours
Resolved

None Settings page in https://support.my.com is vulnerable to clickjacking

UI Redressing (Clickjacking) obayda Time to triage: 0 Days and 21 hours


Time to close: 29 Days and 5 hours
Resolved

Low Delete images of users with clickjacking in https://pw.mail.ru

UI Redressing (Clickjacking) chajer Time to triage: 0 Days and 15 hours


Time to close: 5 Days and 4 hours
Resolved

Low Bash History file log

Information Disclosure iframe Time to triage: 0 Days and 13 hours


Time to close: 2 Days and 2 hours
Resolved

Medium JSONP hijacking

Cross-Site Request Forgery (CSRF) niwasaki Time to triage: 0 Days and 4 hours


Time to close: 219 Days and 3 hours
Resolved

Medium Information Disclosure - Gaining access to coursework and private course presentations

Information Exposure Through Directory Listing xaleraf4ra Time to triage: 1 Days and 18 hours


Time to close: 8 Days and 2 hours
Resolved

No rating Disclosure of information about completed transactions

Information Disclosure m4l0 Time to triage: 0 Days and 21 hours


Time to close: 8 Days and 5 hours
Resolved

Medium Insecure Storage and Overly Permissive Google Maps API Key in Android App

Insecure Storage of Sensitive Information bitsscrambler Time to triage: 0 Days and 1 hours


Time to close: 12 Days and 0 hours
Resolved