Ok


reports in last 90 days

30

disclosed resolved issues

2

disclosed informative issues

0

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Bug Title | Bug Type | Found By | Report Info | Report Status |
| --- | --- | --- | --- | --- |
| Critical [insideok.ru] Remote Command Execution via file upload. | Command Injection - Generic | iframe | Time to triage: 0 Days and 2 hours; Time to close: 48 Days and 1 hours | Resolved |
| High [okmedia.insideok.ru] Web Cache Poisoning & XSS | Cross-site Scripting (XSS) - Stored | iframe | Time to triage: 8 Days and 1 hours; Time to close: 12 Days and 21 hours | Resolved |
| Critical [okl.lt] Disclosure of administrator functions in .js + ability to use these functions. | Privilege Escalation | iframe | Time to triage: 0 Days and 13 hours; Time to close: 2 Days and 5 hours | Resolved |
| Critical Privilege Escalation: deleting all created links from okl.lt | Privilege Escalation | iframe | Time to triage: 5 Days and 22 hours; Time to close: 16 Days and 22 hours | Resolved |
| Critical Cisco ASA Denial of Service & Path Traversal (CVE-2018-0296) | None supplied | linkks | Time to triage: 3 Days and 11 hours; Time to close: 1 Days and 3 hours | Resolved |
| Low Plain text password for 'unknown' user exists in URL when opening jira.apiok.ru | Plaintext Storage of a Password | exadmin | Issue was not triaged; Time to close: 10 Days and 18 hours | Informative |
| Medium Bypass of private profile restrictions, gaining the ability to comment on and view private gifts | None supplied | isaeva | Time to triage: 12 Days and 4 hours; Time to close: 218 Days and 1 hours | Resolved |
| Medium VIP gifts free without subscribing to the VIP service | None supplied | isaeva | Time to triage: 16 Days and 0 hours; Time to close: 505 Days and 3 hours | Resolved |
| High Privacy violation for attachments in messages. | Privacy Violation | iframe | Time to triage: 0 Days and 20 hours; Time to close: 28 Days and 4 hours | Resolved |
| Critical Very severe XSS in private messages on m.ok.ru | Cross-site Scripting (XSS) - Stored | lincoln9932 | Time to triage: 7 Days and 11 hours; Time to close: 18 Days and 7 hours | Resolved |
| High [insideok.ru] Database Dump | Improper Authentication - Generic | bigbear_ | Time to triage: 3 Days and 23 hours; Time to close: 3 Days and 2 hours | Resolved |
| High XSS in private messages | None supplied | lincoln9932 | Time to triage: 8 Days and 16 hours; Time to close: 8 Days and 19 hours | Resolved |
| Critical Blind SQL Injection | SQL Injection | linkks | Time to triage: 1 Days and 7 hours; Time to close: 1 Days and 3 hours | Resolved |
| No rating cross site scripting in the blog | Cross-site Scripting (XSS) - Generic | cyberboy | Time to triage: 8 Days and 16 hours; Time to close: 626 Days and 4 hours | Resolved |
| Low web.xml configuration file disclosure | Information Disclosure | linkks | Time to triage: 27 Days and 7 hours; Time to close: 52 Days and 9 hours | Resolved |
| No rating Purchase => download of songs that are not intended for sale | None supplied | 4lemon | Time to triage: 27 Days and 17 hours; Time to close: 334 Days and 21 hours | Resolved |
| No rating Stored XSS in the song name (2) on the payment gateway. | Cross-site Scripting (XSS) - Generic | 4lemon | Time to triage: 25 Days and 20 hours; Time to close: 384 Days and 19 hours | Resolved |
| No rating Xss in m.ok.ru | Cross-site Scripting (XSS) - Generic | hamooda_anonphantom | Time to triage: 37 Days and 22 hours; Time to close: 5 Days and 1 hours | Resolved |
| No rating http://217.20.144.201 privilege escalation in apache tomcat SessionExample-script | Privilege Escalation | mthirup | Time to triage: 2 Days and 4 hours; Time to close: 401 Days and 17 hours | Resolved |
| No rating Critical : Access to group videos where videos are restricted for all users (Broken authentication) | Improper Authentication - Generic | vijay_kumar1110 | Time to triage: 29 Days and 11 hours; Time to close: 93 Days and 19 hours | Resolved |
| No rating Multiple critical vulnerabilities in Odnoklassniki Android application | None supplied | hardc0re | Time to triage: 0 Days and 21 hours; Time to close: 229 Days and 23 hours | Resolved |
| No rating Missing proper error message. | Violation of Secure Design Principles | exploitraja | Issue was not triaged; Time to close: 29 Days and 2 hours | Informative |
| No rating xss in group | Cross-site Scripting (XSS) - Generic | ashishdhaduk | Time to triage: 20 Days and 10 hours; Time to close: 61 Days and 18 hours | Resolved |
| No rating Same-Origin Policy Bypass #2 | None supplied | zoczus | Time to triage: 4 Days and 9 hours; Time to close: 122 Days and 4 hours | Resolved |
| No rating Same-Origin Policy bypass on main domain - ok.ru | None supplied | zoczus | Time to triage: 4 Days and 11 hours; Time to close: 70 Days and 3 hours | Resolved |