[okl.lt] Disclosure of administrator functions in .js + ability to use these functions.
Discovered by iframe on Ok

This issue took 0 Days and 13 hours to triage and 2 Days and 5 hours to resolve once triaged.



@iframe reported insufficient authorization at okl.lt, which allowed regular users to perform actions intended to be accessible to administrators only. This vulnerability was aggravated by the fact that the administrator-only API could be reverse-engineered from the HTML code.