Top reports from Mail.ru program at HackerOne:

  1. touch.mail.ru / e.mail.ru memory content disclosure to Mail.ru - 394 upvotes, $10000
  2. Unrestricted file upload on [ambassador.mail.ru] to Mail.ru - 377 upvotes, $3000
  3. RCE on shared.mail.ru due to "widget" plugin to Mail.ru - 353 upvotes, $10000
  4. Account TakeOver at my.33slona.ru to Mail.ru - 352 upvotes, $1700
  5. Account TakeOver at my.33slona.ru to Mail.ru - 352 upvotes, $1700
  6. [ RCE ] Through stopping the redirect in /admin/* the attacker able to bypass Authentication And Upload Malicious File to Mail.ru - 335 upvotes, $4000
  7. SSRF & LFR via on city-mobil.ru to Mail.ru - 334 upvotes, $6000
  8. [fleet.city-mobil.ru] Driver balance increasing to Mail.ru - 314 upvotes, $8000
  9. [windows10.hi-tech.mail.ru] Blind SQL Injection to Mail.ru - 314 upvotes, $5000
  10. Account Takeover worki.ru to Mail.ru - 297 upvotes, $1700
  11. SSRF on fleet.city-mobil.ru leads to local file read to Mail.ru - 271 upvotes, $6000
  12. XXE on pulse.mail.ru to Mail.ru - 260 upvotes, $6000
  13. SSRF & LFR on city-mobil.ru to Mail.ru - 237 upvotes, $6000
  14. Boolean-based SQL Injection on relap.io to Mail.ru - 223 upvotes, $2000
  15. Blind SQL Injection in city-mobil.ru domain to Mail.ru - 220 upvotes, $2000
  16. [panel.city-mobil.ru/admin/] Blind XSS into username to Mail.ru - 218 upvotes, $750
  17. Cross application scripting via account.mail.ru to Mail.ru - 202 upvotes, $5000
  18. JMX RMI command injection on 195.211.131.82(Mail.ru Gaming) to Mail.ru - 159 upvotes, $2000
  19. Path traversal, SSTI and RCE on a MailRu acquisition to Mail.ru - 151 upvotes, $2000
  20. Information disclosure with sensitive data to Mail.ru - 151 upvotes, $1500
  21. Access to Tarantool to Mail.ru - 149 upvotes, $4000
  22. Account Takeover at worki.ru to Mail.ru - 138 upvotes, $1500
  23. XSS via message subject - mobile application to Mail.ru - 138 upvotes, $1000
  24. Account Takeover at vseapteki.ru to Mail.ru - 137 upvotes, $2000
  25. [c-api.city-mobil.ru] Client authentication bypass leads to information disclosure to Mail.ru - 136 upvotes, $8000
  26. Account TakeOver through password recovery at am.ru to Mail.ru - 134 upvotes, $3000
  27. PHP code injection at tz.mail.ru to Mail.ru - 134 upvotes, $3000
  28. worki.ru: SMS code bruteforce to Mail.ru - 129 upvotes, $1657
  29. SSRF in clients.city-mobil.ru to Mail.ru - 127 upvotes, $1500
  30. [api.pandao.ru] IDOR for order delivery address to Mail.ru - 116 upvotes, $3000
  31. [agent.33slona.ru] Recovery code bruteforce to Mail.ru - 100 upvotes, $1500
  32. Open Selenoid instance at 188.93.63.186 leads to LFR/SSRF. to Mail.ru - 92 upvotes, $6000
  33. Stored XSS to Mail.ru - 89 upvotes, $500
  34. turboslim.lady.mail.ru - Blind sql-injection. to Mail.ru - 85 upvotes, $5000
  35. Avatar upload allows arbitrary file overwriting to Mail.ru - 84 upvotes, $750
  36. Reflected XSS in https://light.mail.ru/login via page to Mail.ru - 83 upvotes, $500
  37. Blind XSS in operator's interface for 33slona.ru to Mail.ru - 82 upvotes, $600
  38. 3igames.mail.ru SQL Injection to Mail.ru - 80 upvotes, $1500
  39. Ability to log in to any account on https://pandao.ru/ to Mail.ru - 76 upvotes, $2600
  40. Stored XSS in email to Mail.ru - 75 upvotes, $1000
  41. [https://city-mobil.ru/taxiserv] Blind XSS into username to Mail.ru - 74 upvotes, $750
  42. Item duplication (dupe) on lootdog and the ability to sell them. to Mail.ru - 73 upvotes, $5000
  43. XSS via Cookie in Mail.ru to Mail.ru - 69 upvotes, $1000
  44. [Mail.Ru Android] Typo in permission name allows to write contacts without user knowledge to Mail.ru - 69 upvotes, $150
  45. blind XXE in autodiscover parser to Mail.ru - 68 upvotes, $5000
  46. [API] ICQ user's avatar can be manipulated remotely to Mail.ru - 68 upvotes, $1000
  47. web.icq.com XSS in chat message via contact info to Mail.ru - 64 upvotes, $500
  48. [pandao.ru] Ability to spend nonexistent bonus points to Mail.ru - 56 upvotes, $1000
  49. HTML injection at face.city-mobil.ru to Mail.ru - 53 upvotes, $500
  50. Error in processing gif images to Mail.ru - 53 upvotes, $250
  51. Blind SQL Injection on news.mail.ru to Mail.ru - 49 upvotes, $3000
  52. Possibility to attach any mobile number to any email to Mail.ru - 48 upvotes, $3000
  53. molotok.m.mail.ru delegated to external entity to Mail.ru - 48 upvotes, $1500
  54. Stored XSS when you read emails. <style> to Mail.ru - 43 upvotes, $1000
  55. SSRF to Mail.ru - 43 upvotes, $500
  56. [e.mail.ru] XSS in search to Mail.ru - 42 upvotes, $750
  57. IDOR of users to Mail.ru - 42 upvotes, $500
  58. Leak Sensitive Data at face.city-mobil.ru to Mail.ru - 41 upvotes, $500
  59. Blind XSS Stored On Admin Panel Through Name Parameter In [ https://technoatom.mail.ru/] to Mail.ru - 41 upvotes, $250
  60. [XSS] data-url in emails to Mail.ru - 40 upvotes, $1000
  61. [https://pandao.ru] - PUT method available to Mail.ru - 40 upvotes, $1000
  62. Source code disclosure to Mail.ru - 40 upvotes, $500
  63. Stored xss on message reply to Mail.ru - 40 upvotes, $500
  64. LRF on shared.mail.ru due to "markdown" plugin to Mail.ru - 39 upvotes, $6000
  65. API method at api.my.games allows to enumerate user emails to Mail.ru - 39 upvotes, $400
  66. [special.mail.ru] Information Disclosure to Mail.ru - 35 upvotes, $500
  67. IDOR in the list of users by domain in relap.io to Mail.ru - 35 upvotes, $500
  68. IDOR in the list of users by domain in relap.io to Mail.ru - 35 upvotes, $500
  69. Shell upload in http://widget.support.my.com/ to Mail.ru - 34 upvotes, $1000
  70. api.icq.com / ability to view the avatar and name of a private chat to Mail.ru - 33 upvotes, $1000
  71. [XSS] postMessage in jsapi/button to Mail.ru - 33 upvotes, $500
  72. Blind SQL injection [https://honor.hi-tech.mail.ru] to Mail.ru - 33 upvotes, $300
  73. Disable 2FA via CSRF (Leads to 2FA Bypass) to Mail.ru - 33 upvotes, $0
  74. XSS in biz.mail.ru/error to Mail.ru - 32 upvotes, $500
  75. [api.pandao.ru] IDOR allows changing any user's address to Mail.ru - 31 upvotes, $1000
  76. Code Injection in macOS Desktop Client to Mail.ru - 31 upvotes, $100
  77. [iot-hackathon.geekbrains.ru] Tilda Subdomain Takeover to Mail.ru - 31 upvotes, $0
  78. [https://seosan.io] Account owner disclosure to Mail.ru - 30 upvotes, $150
  79. LFI in beta.mail.ru to Mail.ru - 28 upvotes, $150
  80. [o2.mail.ru] nginx alias traversal to Mail.ru - 28 upvotes, $150
  81. [screenshot.mail.ru] CRLF Injection to Mail.ru - 28 upvotes, $0
  82. allods.mail.ru sql injection to Mail.ru - 27 upvotes, $2200
  83. [city-mobil.ru/taxiserv/] Disclosure information about drivers to Mail.ru - 27 upvotes, $1500
  84. Race condition on market.games.mail.ru to Mail.ru - 27 upvotes, $1000
  85. [web.icq.com] Stored XSS in "About Contact" to Mail.ru - 27 upvotes, $500
  86. IP address can be leaked on Image preview in ICQ for Android chat to Mail.ru - 27 upvotes, $150
  87. CSRF Vulnerability at https://aw.my.com/ to Mail.ru - 27 upvotes, $0
  88. Shell upload in partner service to Mail.ru - 25 upvotes, $500
  89. CSRF on draft message creation in tel.mail.ru to Mail.ru - 25 upvotes, $250
  90. [e.mail.ru] Stored xss in Mpop cookie to Mail.ru - 24 upvotes, $600
  91. Stored XSS in a forwarded message. to Mail.ru - 24 upvotes, $500
  92. XSS in touch.mail.ru to Mail.ru - 24 upvotes, $500
  93. [XSS] iframe in payments/phones to Mail.ru - 24 upvotes, $500
  94. XSS via the lang parameter in a POST request on light.mail.ru to Mail.ru - 24 upvotes, $500
  95. Reflected XSS at city-mobil.ru to Mail.ru - 24 upvotes, $300
  96. JSONP hijacking to Mail.ru - 24 upvotes, $0
  97. Blind XXE on my.mail.ru to Mail.ru - 23 upvotes, $800
  98. Stored XSS in api.icq.net to Mail.ru - 23 upvotes, $150
  99. Apache server-info enabled to Mail.ru - 23 upvotes, $0
  100. Stored XSS in Review Section https://games.mail.ru/ to Mail.ru - 23 upvotes, $0
  101. Account Takeover on https://www.delivery-club.ru via a partner account. to Mail.ru - 22 upvotes, $1000
  102. uninitialized server memory disclosure via ImageMagick in my.mail.ru and cloud.mail.ru to Mail.ru - 22 upvotes, $750
  103. SKR injection to Mail.ru - 22 upvotes, $500
  104. Blind SSRF [ Sentry Misconfiguration ] to Mail.ru - 22 upvotes, $250
  105. Mirror of https://city-mobil.ru admin interface to Mail.ru - 22 upvotes, $150
  106. [Web ICQ Client] XSS vulnerability in the username to Mail.ru - 21 upvotes, $1000
  107. Stored XSS in e.mail.ru (payload affect multiple users) to Mail.ru - 21 upvotes, $750
  108. Xss Reflected On spgw.terrhq.ru [ url ] to Mail.ru - 21 upvotes, $750
  109. ICQ 10.0.12371 icq: Uri Handler '-testability' URL File Insecure Library Loading Code Execution Vulnerability to Mail.ru - 21 upvotes, $500
  110. XSS web.icq.com double linkify to Mail.ru - 21 upvotes, $250
  111. Reflected XSS on https://go.mail.ru/search?fr=mn&q=<payload> to Mail.ru - 21 upvotes, $0
  112. Cross-site Scripting (XSS) - Reflected vseapteki.ru to Mail.ru - 21 upvotes, $0
  113. Passing a null byte in the message ID causes some buffer to be output. to Mail.ru - 20 upvotes, $3500
  114. source code leak to Mail.ru - 20 upvotes, $150
  115. ssrf xspa [https://prt.mail.ru/] 2 to Mail.ru - 20 upvotes, $150
  116. XSS in messages on geekbrains.ru to Mail.ru - 20 upvotes, $0
  117. IDOR widget.support.my.com to Mail.ru - 19 upvotes, $1000
  118. Blind XSS in the torg.mail.ru admin panel via a review to Mail.ru - 19 upvotes, $500
  119. *..my.com open proxy to Mail.ru - 19 upvotes, $300
  120. URL redirection to Mail.ru - 19 upvotes, $0
  121. XSS at go.mail.ru to Mail.ru - 19 upvotes, $0
  122. XSS in e.mail.ru to Mail.ru - 18 upvotes, $500
  123. ICQ for macOS: lack of com.apple.quarantine meta-attribute on downloaded files leads to GateKeeper/Quarantine bypass for downloaded executables to Mail.ru - 18 upvotes, $150
  124. [Web ICQ Client] XSS-inj in polls to Mail.ru - 17 upvotes, $1000
  125. SSRF On [ allods.mail.ru ] to Mail.ru - 17 upvotes, $750
  126. [pandao.ru] possibility to attach arbitrary phone number to account registered via social network to Mail.ru - 17 upvotes, $750
  127. XSS on https://account.mail.ru/login via postMessage to Mail.ru - 17 upvotes, $500
  128. Account takeover via CORS misconfiguration on https://beta.delivery-club.ru to Mail.ru - 17 upvotes, $250
  129. CSRF in attach phone API endpoint on delivery-club.ru to Mail.ru - 17 upvotes, $250
  130. ADMIN TEST to Mail.ru - 17 upvotes, $150
  131. [mobs.mail.ru] nginx path traversal via misconfigured alias to Mail.ru - 17 upvotes, $0
  132. XSS in the email body. to Mail.ru - 16 upvotes, $1000
  133. XSS in e.mail.ru to Mail.ru - 16 upvotes, $500
  134. Bypass security fixes by downgrading version of application to Mail.ru - 16 upvotes, $250
  135. XSS on https://www.delivery-club.ru to Mail.ru - 16 upvotes, $100
  136. Web Cache Poisoning to Mail.ru - 16 upvotes, $0
  137. Gain access to random information via group chat "about" property to Mail.ru - 15 upvotes, $1000
  138. Same origin policy bypass on e.mail.ru via Cross-Site Flashing to Mail.ru - 15 upvotes, $750
  139. Blind Stored XSS to Mail.ru - 15 upvotes, $550
  140. XSS on the account.mail.ru/recovery page to Mail.ru - 15 upvotes, $500
  141. Blind SSRF on sentry.dev-my.com due to Sentry misconfiguration to Mail.ru - 15 upvotes, $500
  142. [pulse.mail.ru] Access to statistics of other users' sites to Mail.ru - 15 upvotes, $400
  143. Nginx variable values output in the page body to Mail.ru - 15 upvotes, $300
  144. Cross-site Scripting (XSS) - Stored in ru.mail.mailapp to Mail.ru - 15 upvotes, $150
  145. [cfire.mail.ru] CSRF Bypassed - Changing anyone's 'User Info' to Mail.ru - 15 upvotes, $0
  146. Account takeover at geekbrains.ru to Mail.ru - 14 upvotes, $1500
  147. Partner Account Takeover on https://www.delivery-club.ru via a user account. to Mail.ru - 14 upvotes, $500
  148. XSS in the nickname in a contact request. to Mail.ru - 14 upvotes, $250
  149. Make user buy items via clickjacking possibility to Mail.ru - 14 upvotes, $200
  150. BruteForce Any [My.com] Account Credentials. to Mail.ru - 14 upvotes, $100
  151. Reflected XSS on https://www.delivery-club.ru/ to Mail.ru - 14 upvotes, $100
  152. [element.mail.ru] /.svn/entries to Mail.ru - 14 upvotes, $0
  153. Stored XSS to Mail.ru - 14 upvotes, $0
  154. Cross site scripting vulnerability in JW Player SWF to Mail.ru - 14 upvotes, $0
  155. Race condition when buying gifts on games.mail.ru to Mail.ru - 14 upvotes, $0
  156. XSS in the email body, in the new version of mail. to Mail.ru - 13 upvotes, $1000
  157. SSRF on https://target.my.com/ to Mail.ru - 13 upvotes, $800
  158. reflected XSS on healt.mail.ru to Mail.ru - 13 upvotes, $500
  159. Potential SSRF in sales.mail.ru to Mail.ru - 13 upvotes, $300
  160. XSS when adding a user to a chat to Mail.ru - 13 upvotes, $250
  161. Modifying application settings via clickjacking on o2.mail.ru to Mail.ru - 13 upvotes, $150
  162. IDOR on mcs.mail.ru to Mail.ru - 13 upvotes, $150
  163. idor leads to leak order information to Mail.ru - 13 upvotes, $150
  164. lootdog.io XSS to Mail.ru - 13 upvotes, $100
  165. Open Redirect on [My.com] to Mail.ru - 13 upvotes, $0
  166. [3k.mail.ru] - Content spoofing to Mail.ru - 13 upvotes, $0
  167. CSRF on liking a review (Pandao) to Mail.ru - 13 upvotes, $0
  168. Unrestricted File Upload To Xss Stored [ https://ideas.browser.mail.ru/ ] to Mail.ru - 13 upvotes, $0
  169. Bash History file log to Mail.ru - 13 upvotes, $0
  170. HTTP-Response-Splitting leads to information disclosure (email, firstname, lastname) at https://tz.mail.ru to Mail.ru - 13 upvotes, $0
  171. Open Redirect to Mail.ru - 13 upvotes, $0
  172. Reflected XSS on am.ru and subdomains to Mail.ru - 13 upvotes, $0
  173. XSS in an email, in the sender field. to Mail.ru - 12 upvotes, $1000
  174. Attacker can send requests from mail.ru server to Mail.ru - 12 upvotes, $800
  175. Launch Any Activity in MyMail App to Mail.ru - 12 upvotes, $500
  176. Android MailRu Email: Thirdparty can access private data files with small user interaction to Mail.ru - 12 upvotes, $300
  177. XSS in the live chat name to Mail.ru - 12 upvotes, $250
  178. CSRF on calendar.mail.ru to Mail.ru - 12 upvotes, $250
  179. Disclosure of a lootdog.io user's passport series/number and SNILS to Mail.ru - 12 upvotes, $250
  180. filin.mail.ru user's e-mail address disclosure to Mail.ru - 12 upvotes, $150
  181. Path Traversal When Sharing with Cloud Mail.Ru App via a file with Crated Name to Mail.ru - 12 upvotes, $150
  182. [health.mail.ru] Disclosure of SSI scripts to Mail.ru - 12 upvotes, $150
  183. api.icq.com / ability to join any chat (even a private one). to Mail.ru - 12 upvotes, $100
  184. CSRF on lootdog.io to Mail.ru - 12 upvotes, $100
  185. 3rd party shop admin panel blind XSS to Mail.ru - 12 upvotes, $0
  186. [rm.mail.ru] Request-Path XSS to Mail.ru - 12 upvotes, $0
  187. XSS to Mail.ru - 12 upvotes, $0
  188. Full Path Disclosure to Mail.ru - 12 upvotes, $0
  189. Duplicate: https://hackerone.com/reports/219171 (account access via password reset) to Mail.ru - 11 upvotes, $1000
  190. XSS in the email body, in block styles. to Mail.ru - 11 upvotes, $1000
  191. blind XXE when uploading avatar in mymail phone app to Mail.ru - 11 upvotes, $1000
  192. XSS in https://e.mail.ru/ to Mail.ru - 11 upvotes, $500
  193. Ability to upload a shell to https://widget.operator.mail.ru to Mail.ru - 11 upvotes, $500
  194. [account.mail.ru] XSS on the password recovery page to Mail.ru - 11 upvotes, $500
  195. Blocked mailbox (bypass) to Mail.ru - 11 upvotes, $500
  196. Stored Blind XSS to Mail.ru - 11 upvotes, $500
  197. OOB XXE to Mail.ru - 11 upvotes, $500
  198. Publicly Accessible HashiCorp Consul to Mail.ru - 11 upvotes, $300
  199. [web.icq.com] Stored XSS in link when sending message to Mail.ru - 11 upvotes, $250
  200. Code source disclosure & ability to get database information "SQL injection" in [townwars.mail.ru] to Mail.ru - 11 upvotes, $150
  201. Race condition when buying prizes with points to Mail.ru - 11 upvotes, $150
  202. XSS on https://www.delivery-club.ru/sd/test_330933/info/ to Mail.ru - 11 upvotes, $100
  203. CSRF on item purchase at https://lootdog.io/ to Mail.ru - 11 upvotes, $100
  204. build.sh found on webagent.mail.ru to Mail.ru - 11 upvotes, $100
  205. XSS via link loading. to Mail.ru - 11 upvotes, $0
  206. reflected xss on cycloferon.health.mail.ru to Mail.ru - 11 upvotes, $0
  207. CRLF injection mcs.mail.ru (leads to XSS) to Mail.ru - 11 upvotes, $0
  208. [moba.my.com] phpinfo, logs to Mail.ru - 11 upvotes, $0
  209. Open Redirect In passport.maps.me/logout/?next=//fb.com/ to Mail.ru - 11 upvotes, $0
  210. RCE Jira(CVE-2019–11581) [my-com.atlassian.net] to Mail.ru - 11 upvotes, $0
  211. XSS in https://e.mail.ru/ to Mail.ru - 10 upvotes, $500
  212. Reflected XSS in https://e.mail.ru/ to Mail.ru - 10 upvotes, $500
  213. Reflected XSS on cloud.mail.ru in the URL in the presentation creation and editing functionality. to Mail.ru - 10 upvotes, $500
  214. XSS bypass Script execute,Read any file,execute any javascript code--UXSS to Mail.ru - 10 upvotes, $500
  215. Stored XSS (API) to Mail.ru - 10 upvotes, $500
  216. [dobro.city-mobil.ru] Insufficient authentication (access to the admin panel) to Mail.ru - 10 upvotes, $500
  217. Server side request forgery to Mail.ru - 10 upvotes, $300
  218. [authdl.mail.ru] Spoofing IP address to Mail.ru - 10 upvotes, $250
  219. XSS at af.attachmail.ru to Mail.ru - 10 upvotes, $150
  220. [et.mail.ru] ssrf 2 to Mail.ru - 10 upvotes, $150
  221. SSRF/XSPA [parapa.mail.ru] 2 to Mail.ru - 10 upvotes, $150
  222. Stored self-XSS on pubg.mail.ru in several places to Mail.ru - 10 upvotes, $0
  223. Disclosure of user email address and Deanonymization [mail.ru] + Blind | Stored XSS pets.mail.ru to Mail.ru - 10 upvotes, $0
  224. unauthorized access to add admin endpoint to Mail.ru - 10 upvotes, $0
  225. vk.com profile page takeover on https://cabinet.am.ru/ to Mail.ru - 10 upvotes, $0
  226. XSS in an email, in the email body. to Mail.ru - 9 upvotes, $2000
  227. [https://city-mobil.ru/taxiserv] IDOR leads to information disclosure to Mail.ru - 9 upvotes, $1500
  228. XSS in the sender, BETA version of mail to Mail.ru - 9 upvotes, $500
  229. XSS account.mail.ru in state JSON script to Mail.ru - 9 upvotes, $500
  230. SSRF on api.icq.net to Mail.ru - 9 upvotes, $500
  231. Stealing Arbitrary Private Files of MyMail App to Mail.ru - 9 upvotes, $500
  232. Time-based sql-injection on https://puzzle.mail.ru to Mail.ru - 9 upvotes, $300
  233. XSS via a specially crafted file. to Mail.ru - 9 upvotes, $250
  234. XSS on e.mail.ru in the mobile application! to Mail.ru - 9 upvotes, $250
  235. Unsafe downloaded file execution to Mail.ru - 9 upvotes, $250
  236. Activities are not Protected and able to crash app using other app (Can Malware or third party app). to Mail.ru - 9 upvotes, $150
  237. XSS https://health.mail.ru/my/ via the external account name to Mail.ru - 9 upvotes, $150
  238. CSRF on adding an item for sale to Mail.ru - 9 upvotes, $100
  239. Cross Site Request Forgery (CSRF) to Mail.ru - 9 upvotes, $0
  240. [pokerist.mail.ru] XSS Request-URI to Mail.ru - 9 upvotes, $0
  241. CSRF Send a message at street-combats.mail.ru to Mail.ru - 9 upvotes, $0
  242. IDOR in tender.mail.ru leading to Information Disclosure to Mail.ru - 9 upvotes, $0
  243. Blind XSS pets.mail.ru/admin/ to Mail.ru - 9 upvotes, $0
  244. CSRF vulnerability allows taking out an interest-free loan for a cfire.mail.ru user to Mail.ru - 9 upvotes, $0
  245. CSRF on submitting a question on [games.mail.ru] to Mail.ru - 9 upvotes, $0
  246. Delete images of users with clickjacking in https://pw.mail.ru to Mail.ru - 9 upvotes, $0
  247. XSS in [community.my.games] to Mail.ru - 9 upvotes, $0
  248. A manager of a determinate group of users still might have access to any user account from any group that he doesn't administrate anymore. to Mail.ru - 8 upvotes, $500
  249. XSS on account.mail.ru/login to Mail.ru - 8 upvotes, $500
  250. [account.mail.ru] XSS on the account deletion page via backUrl to Mail.ru - 8 upvotes, $500
  251. Stored self-xss and its escalation to a victim account in e.mail.ru to Mail.ru - 8 upvotes, $500
  252. Information Disclosure - Gaining access to assignments and private course presentations to Mail.ru - 8 upvotes, $300
  253. XSS when replying / forwarding to a malicious email on iOS to Mail.ru - 8 upvotes, $250
  254. easyXDM allows cross domain postmessaging with any origin, leaking sensitive info to Mail.ru - 8 upvotes, $250
  255. Reading the application's system data: authorization data, logs, database, private correspondence to Mail.ru - 8 upvotes, $150
  256. Possible to Upload Local Arbitrary Private File to the Cloud against User's Will to Mail.ru - 8 upvotes, $150
  257. [tanks.mail.ru] Internet Explorer XSS via Request-URI to Mail.ru - 8 upvotes, $0
  258. [realty.mail.ru] XSS, SSI Injection to Mail.ru - 8 upvotes, $0
  259. Stored XSS using SVG on subdomain infra.mail.ru to Mail.ru - 8 upvotes, $0
  260. XSS in delivery club to Mail.ru - 8 upvotes, $0
  261. ADDING YOUR OWN DATES TO A USER'S CALENDAR! to Mail.ru - 8 upvotes, $0
  262. Double authentication bypass to Mail.ru - 8 upvotes, $0
  263. Full account takeover am.ru to Mail.ru - 8 upvotes, $0
  264. [lk-cdn.3igames.mail.ru] apc.php to Mail.ru - 8 upvotes, $0
  265. XSS when uploading an image to [games.mail.ru] to Mail.ru - 8 upvotes, $0
  266. Content spoofing in http://my.mail.ru/cgi-bin/app/paymentm to Mail.ru - 8 upvotes, $0
  267. Reflected XSS with WAF Bypass https://pw.mail.ru to Mail.ru - 8 upvotes, $0
  268. XSS via HTTP request version in account.my.games to Mail.ru - 8 upvotes, $0
  269. xss in ub.icq.net to Mail.ru - 8 upvotes, $0
  270. Stored xss on https://go.mail.ru/ to Mail.ru - 8 upvotes, $0
  271. Reading files on the server and directory disclosure on mediator.media to Mail.ru - 7 upvotes, $800
  272. touch.mail.ru/messages - Stored XSS to Mail.ru - 7 upvotes, $750
  273. XSS on e.mail.ru via postMessage to Mail.ru - 7 upvotes, $500
  274. [https://fleet.city-mobil.ru] Stored XSS into driver mailing to Mail.ru - 7 upvotes, $500
  275. XSS via Cookie in e.mail.ru to Mail.ru - 7 upvotes, $350
  276. XXE critical to Mail.ru - 7 upvotes, $300
  277. Download attachments with traversal path into any sdcard directory (incomplete fix 106097) to Mail.ru - 7 upvotes, $200
  278. [lootdog.io] User phone number disclosure to Mail.ru - 7 upvotes, $200
  279. [cfire.mail.ru] Time Based SQL Injection 2 to Mail.ru - 7 upvotes, $200
  280. [upload-X.my.mail.ru] /uploadphoto Insecure Direct Object References to Mail.ru - 7 upvotes, $160
  281. Cross site scripting to Mail.ru - 7 upvotes, $150
  282. XSS at https://icq.com/people to Mail.ru - 7 upvotes, $150
  283. Insecure Storage and Overly Permissive Google Maps API Key in Android App to Mail.ru - 7 upvotes, $150
  284. Http Response Splitting on thumb.cloud.mail.ru to Mail.ru - 7 upvotes, $150
  285. Uploading a PNG bomb that starts a DDoS attack on the Stickers bot. to Mail.ru - 7 upvotes, $100
  286. [odnoklassniki.ru] XSS via Host to Mail.ru - 7 upvotes, $0
  287. [touch.lady.mail.ru] CRLF Injection to Mail.ru - 7 upvotes, $0
  288. [cooking.lady.mail.ru] Open Redirect to Mail.ru - 7 upvotes, $0
  289. Reflected XSS in delivery-club.ru to Mail.ru - 7 upvotes, $0
  290. Reflected cross site scripting at https://auto.mail.ru/reviews/add_review/ via problems_text parameter. to Mail.ru - 7 upvotes, $0
  291. Seven DOM-Based XSS Vulnerabilities | Execution in Login Sequence to Mail.ru - 7 upvotes, $0
  292. CSRF on /subscription_manage.php endpoint at allods.mail.ru to Mail.ru - 7 upvotes, $0
  293. Reference to external uncontrolled resource in terrhq.ru to Mail.ru - 7 upvotes, $0
  294. PHP-FPM Status Page to Mail.ru - 7 upvotes, $0
  295. astrumnival.com subdomain to Mail.ru - 7 upvotes, $0
  296. Brute-force any email account through allods.mail.ru to Mail.ru - 7 upvotes, $0
  297. CSRF on https://market.my.games to Mail.ru - 7 upvotes, $0
  298. [city-mobil.ru/taxiserv/] IDOR leads to driver account takeover to Mail.ru - 6 upvotes, $8000
  299. Possibility to view subdepartments for arbitrary domain to Mail.ru - 6 upvotes, $500
  300. XSS vulnerability to Mail.ru - 6 upvotes, $500
  301. XSS e.mail.ru fixSpecialSymbols to Mail.ru - 6 upvotes, $500
  302. XSS touch.mail.ru compose Body to Mail.ru - 6 upvotes, $500
  303. [sso.33slona.ru] Application Messages Error stacktrace PHP. to Mail.ru - 6 upvotes, $400
  304. [connect.mail.ru] Memory Disclosure / IE XSS to Mail.ru - 6 upvotes, $250
  305. Stored XSS and html injection in biz.mail.ru to Mail.ru - 6 upvotes, $250
  306. XSS (working with emails) to Mail.ru - 6 upvotes, $250
  307. bgplay.mail.ru to Mail.ru - 6 upvotes, $200
  308. XSS in the portal navigation to Mail.ru - 6 upvotes, $150
  309. Unupdated ImageMagick leads to uninitialized server memory disclosure to Mail.ru - 6 upvotes, $150
  310. The auth token does not expire on logging out and even after logging out all sessions to Mail.ru - 6 upvotes, $100
  311. Disclosure of IP, email and other useful information on lootdog.io to Mail.ru - 6 upvotes, $100
  312. Account access after password change. to Mail.ru - 6 upvotes, $100
  313. [rabota.mail.ru] Open Redirect to Mail.ru - 6 upvotes, $0
  314. [ml.money.mail.ru] Open Redirect to Mail.ru - 6 upvotes, $0
  315. [qpt.mail.ru] CRLF Injection / Open Redirect to Mail.ru - 6 upvotes, $0
  316. [otus.p.mail.ru] Full Path Disclosure to Mail.ru - 6 upvotes, $0
  317. Open Redirection at https://it.mail.ru/ to Mail.ru - 6 upvotes, $0
  318. Reflected XSS on frag.mail.ru to Mail.ru - 6 upvotes, $0
  319. XSS on several mail.ru game forums (Cross-Site Scripting) to Mail.ru - 6 upvotes, $0
  320. CRLF injection on https://tz.mail.ru to Mail.ru - 6 upvotes, $0
  321. api.icq.com / ability to message anyone (even icqsystem) to Mail.ru - 6 upvotes, $0
  322. Stored XSS in donations on dobro.mail.ru to Mail.ru - 6 upvotes, $0
  323. [hs.mail.ru] XSS play_now.php to Mail.ru - 6 upvotes, $0
  324. [hs.mail.ru] CRLF Injection / XSS to Mail.ru - 6 upvotes, $0
  325. [gamesventures.mail.ru] Publicly accessible GIT directory to Mail.ru - 6 upvotes, $0
  326. [new.wf.mail.ru] XSS Request-URI to Mail.ru - 6 upvotes, $0
  327. [evo2.my.com] Internet Explorer XSS to Mail.ru - 6 upvotes, $0
  328. [info.tmgame.mail.ru] Apache Server Status to Mail.ru - 6 upvotes, $0
  329. CSRF on image upload on Pandao to Mail.ru - 6 upvotes, $0
  330. CSRF when entering a promo code on Pandao to Mail.ru - 6 upvotes, $0
  331. benchmark metrics available at 5.61.239.154 to Mail.ru - 6 upvotes, $0
  332. PHP-FPM Status Page to Mail.ru - 6 upvotes, $0
  333. XSS on the site https://warofdragons.my.games/. to Mail.ru - 6 upvotes, $0
  334. [my.games] Stored XSS via untrusted bucket to Mail.ru - 6 upvotes, $0
  335. VERY DANGEROUS XSS STORED inside emails to Mail.ru - 5 upvotes, $600
  336. OOB XXE to Mail.ru - 5 upvotes, $500
  337. Uninitialized server memory disclosure via ImageMagick to Mail.ru - 5 upvotes, $300
  338. sql to Mail.ru - 5 upvotes, $300
  339. Mail.ru for Android Content Provider Vulnerability to Mail.ru - 5 upvotes, $250
  340. CSRF. Deleting the address book, adding contacts to Mail.ru - 5 upvotes, $250
  341. Information Disclosure [ https://curious.ru/api/submissions ] to Mail.ru - 5 upvotes, $250
  342. By pass admin panel [seminars.mail.ru] to Mail.ru - 5 upvotes, $150
  343. invalid handling of redirect_uri at o2.mail.ru/jsapi/button to Mail.ru - 5 upvotes, $150
  344. Mail.Ru Top - Website Counter Bruteforcing to Mail.ru - 5 upvotes, $150
  345. ssl cookie without secure flag set to Mail.ru - 5 upvotes, $100
  346. Disclosure of information on static.dl.mail.ru to Mail.ru - 5 upvotes, $0
  347. [w1.dwar.ru] Core Dump to Mail.ru - 5 upvotes, $0
  348. Open Redirect to Mail.ru - 5 upvotes, $0
  349. Open redirect on OpenID to Mail.ru - 5 upvotes, $0
  350. api.icq.com / ability to edit the text of any user or group by forwarding it. to Mail.ru - 5 upvotes, $0
  351. Local paths disclosure through error message to Mail.ru - 5 upvotes, $0
  352. [sj.my.com] Source Code Disclosure /.svn/wc.db to Mail.ru - 5 upvotes, $0
  353. [sputnik.mail.ru] Publicly accessible GIT directory to Mail.ru - 5 upvotes, $0
  354. [FG-VD-17-115] Mail.ru's Amigo Browser DLL Pre-Loading Vulnerability Notification to Mail.ru - 5 upvotes, $0
  355. Public available Sensitive Information about drivers to Mail.ru - 5 upvotes, $0
  356. [v7lk.relap.io] Sending arbitrary emails to any user to Mail.ru - 5 upvotes, $0
  357. Self-xss via drag&drop in email form to Mail.ru - 4 upvotes, $300
  358. HTML Injection on e.mail.ru to Mail.ru - 4 upvotes, $250
  359. Disclosure of information about completed transactions to Mail.ru - 4 upvotes, $250
  360. [my.mail.ru] CRLF Injection to Mail.ru - 4 upvotes, $160
  361. [townwars.mail.ru] Time-Based SQL Injection to Mail.ru - 4 upvotes, $150
  362. [parapa.mail.ru] SQL Injection repeat to Mail.ru - 4 upvotes, $150
  363. [my.mail.ru] HTML injection in emails from [email protected] to Mail.ru - 4 upvotes, $100
  364. [online.games.mail.ru] - Sensitive information disclosure to Mail.ru - 4 upvotes, $100
  365. [opensource.mail.ru] system accounts enumeration to Mail.ru - 4 upvotes, $0
  366. Full Path Disclosure to Mail.ru - 4 upvotes, $0
  367. [mrgs.mail.ru] Internet Explorer XSS via Request-URI to Mail.ru - 4 upvotes, $0
  368. [3k.mail.ru] Content Spoofing to Mail.ru - 4 upvotes, $0
  369. [allods.my.com] Full Path Disclosure to Mail.ru - 4 upvotes, $0
  370. [otus.p.mail.ru] CRLF Injection to Mail.ru - 4 upvotes, $0
  371. [allods.mail.ru] Reflected XSS to Mail.ru - 4 upvotes, $0
  372. [gitmm.corp.mail.ru] Auth Bypass, Information Disclosure to Mail.ru - 4 upvotes, $0
  373. Reflected XSS on https://aw.mail.ru/news/ to Mail.ru - 4 upvotes, $0
  374. Clickjacking Full account takeover and editing the personal information at [account.my.com] to Mail.ru - 4 upvotes, $0
  375. Monitor to Mail.ru - 4 upvotes, $0
  376. [afisha.mail.ru] HTML injection via XSS on the widget portal to Mail.ru - 4 upvotes, $0
  377. [maps.me] Reflected XSS to Mail.ru - 4 upvotes, $0
  378. api.icq.com / no limit on sending messages when removing the protection parameter "&r" to Mail.ru - 4 upvotes, $0
  379. Exposed phpinfo() information on the site https://agent.mail.ru to Mail.ru - 4 upvotes, $0
  380. CSRF on biz.mail.ru to Mail.ru - 4 upvotes, $0
  381. [target.my.com] CRLF Injection -> XSS to Mail.ru - 4 upvotes, $0
  382. [beta.tracker.my.com] XSS Request-URI to Mail.ru - 4 upvotes, $0
  383. CSRF on removing an item from the cart to Mail.ru - 4 upvotes, $0
  384. XSS to Mail.ru - 4 upvotes, $0
  385. xss to Mail.ru - 4 upvotes, $0
  386. Rails application running in development mode to Mail.ru - 4 upvotes, $0
  387. Self-XSS on the page https://aw.mail.ru/pin/ to Mail.ru - 4 upvotes, $0
  388. [auto.mail.ru] IDOR on editing any user's post. to Mail.ru - 4 upvotes, $0
  389. Exposed sources to Mail.ru - 4 upvotes, $0
  390. Information Disclosure on {http://pro.tracker.my.com} to Mail.ru - 4 upvotes, $0
  391. XXE and SSRF on webmaster.mail.ru to Mail.ru - 3 upvotes, $700
  392. Admin panel access restrictions bypass [poll.mail.ru/admin/] to Mail.ru - 3 upvotes, $500
  393. [e.mail.ru] XSS on the money transfer page to Mail.ru - 3 upvotes, $500
  394. XSS in https://e.mail.ru/cgi-bin/lstatic (Limited use) to Mail.ru - 3 upvotes, $400
  395. [s.mail.ru] CRLF Injection to Mail.ru - 3 upvotes, $250
  396. OpenSSL HeartBleed (CVE-2014-0160) to Mail.ru - 3 upvotes, $200
  397. SSRF/XSPA [parapa.mail.ru] to Mail.ru - 3 upvotes, $150
  398. ICQ Windows Application is Vulnerable to DLL Search Order Hijacking to Mail.ru - 3 upvotes, $100
  399. [tz.mail.ru] XSS in the authorization functionality to Mail.ru - 3 upvotes, $0
  400. Back Refresh Attack after registration and successful logout to Mail.ru - 3 upvotes, $0
  401. [corp.mail.ru] CRLF Injection / Insecure nginx configuration to Mail.ru - 3 upvotes, $0
  402. [support.my.com] Internet Explorer XSS to Mail.ru - 3 upvotes, $0
  403. [torg.mail.ru] CRLF Injection to Mail.ru - 3 upvotes, $0
  404. [api.login.icq.net] Open Redirect to Mail.ru - 3 upvotes, $0
  405. [api.login.icq.net] Reflected XSS to Mail.ru - 3 upvotes, $0
  406. [opensource.mail.ru] Debug Mode to Mail.ru - 3 upvotes, $0
  407. [allods.my.com] Full SQL Disclosure to Mail.ru - 3 upvotes, $0
  408. [it.mail.ru] Open Redirect to Mail.ru - 3 upvotes, $0
  409. [allods.mail.ru] Cross-Site Request Forgery (Add-Item) to Mail.ru - 3 upvotes, $0
  410. Open Redirect to Mail.ru - 3 upvotes, $0
  411. Reflected XSS on hi-tech.mail.ru to Mail.ru - 3 upvotes, $0
  412. Reflected XSS. to Mail.ru - 3 upvotes, $0
  413. Apache Server-Status Detected to Mail.ru - 3 upvotes, $0
  414. Logical Vulnerability : REDIRECTING on pw.mail.ru by Parameter Spoofing to Mail.ru - 3 upvotes, $0
  415. [tanks.mail.ru] Open Redirect to Mail.ru - 3 upvotes, $0
  416. Stored XSS on the page pubg.mail.ru/community to Mail.ru - 3 upvotes, $0
  417. Phpinfo to Mail.ru - 3 upvotes, $0
  418. Exposed panel to Mail.ru - 3 upvotes, $0
  419. Settings page in https://support.my.com is vulnerable to clickjacking to Mail.ru - 3 upvotes, $0
  420. mailgun subdomain takeover on "email.mail.geekbrains.ru" to Mail.ru - 3 upvotes, $0
  421. [capsula.mail.ru] overriding order info to Mail.ru - 3 upvotes, $0
  422. Same Origin Policy bypass to Mail.ru - 2 upvotes, $600
  423. Filtering error to Mail.ru - 2 upvotes, $500
  424. FLV FILE FORMAT (AUDIOSES.DLL) Out of Bounds to Mail.ru - 2 upvotes, $500
  425. [babel.mail.ru] Admin Page Found to Mail.ru - 2 upvotes, $400
  426. [tidaltrek.mail.ru] SQL Injection to Mail.ru - 2 upvotes, $150
  427. By pass admin panel [conference.mail.ru] to Mail.ru - 2 upvotes, $150
  428. ssrf xspa [https://prt.mail.ru/] to Mail.ru - 2 upvotes, $150
  429. Possible tokens leak on ws-app.city-mobil.ru to Mail.ru - 2 upvotes, $150
  430. Reflected XSS connect.mail.ru (IE6-IE8) to Mail.ru - 2 upvotes, $0
  431. tp-demo1.corp.mail.ru: SVN is exposed externally to Mail.ru - 2 upvotes, $0
  432. [start.icq.com] Reflected XSS via Cookies to Mail.ru - 2 upvotes, $0
  433. [ling.go.mail.ru] Server-Status opened for all users to Mail.ru - 2 upvotes, $0
  434. Logging in as any user on parapa.mail.ru to Mail.ru - 2 upvotes, $0
  435. [sales.mail.ru] CRLF Injection to Mail.ru - 2 upvotes, $0
  436. AXFR on plexus.m.smailru.net works to Mail.ru - 2 upvotes, $0
  437. BRUTE FORCE ATTACK to Mail.ru - 2 upvotes, $0
  438. Stored XSS on street-combats.mail.ru to Mail.ru - 2 upvotes, $0
  439. Reflected XSS. to Mail.ru - 2 upvotes, $0
  440. Excessive permissions when authorizing through the mail.ru interface to Mail.ru - 2 upvotes, $0
  441. [warofdragons.com] Content Spoofing to Mail.ru - 2 upvotes, $0
  442. [s2.jugger.ru] Content Spoofing to Mail.ru - 2 upvotes, $0
  443. [tanks.mail.ru] Content Spoofing to Mail.ru - 2 upvotes, $0
  444. [aw.my.com] Reflected XSS to Mail.ru - 2 upvotes, $0
  445. Clickjacking Vulnerability on https://support.my.com/games/ticket/xxxx/ to Mail.ru - 2 upvotes, $0
  446. DNS Misconfiguration to Mail.ru - 2 upvotes, $0
  447. XSS on New contact to Mail.ru - 2 upvotes, $0
  448. ssl cookie without secure flag set to Mail.ru - 2 upvotes, $0
  449. Multiple vulnerabilities in the Mail.Ru Mail app (Android) to Mail.ru - 2 upvotes, $0
  450. Exposed .htaccess on cookery.zakazaka.ru to Mail.ru - 2 upvotes, $0
  451. xss to Mail.ru - 2 upvotes, $0
  452. Stored XSS at branded site in .mail.ru domain to Mail.ru - 2 upvotes, $0
  453. [staging.tarantool.org] Github Pages Subdomain-take-over to Mail.ru - 2 upvotes, $0
  454. CRLF Injection in 301 Redirect allow to Set-Cookies for mail.ru to Mail.ru - 2 upvotes, $0
  455. Ability to find out the name of the database table and its columns to Mail.ru - 2 upvotes, $0
  456. relap.io CSRF bypass on adding domain to use relap widgets to Mail.ru - 2 upvotes, $0
  457. Cross-Site Request Forgery (CSRF) in my.games API to Mail.ru - 2 upvotes, $0
  458. XSS on https://deti.mail.ru/ to Mail.ru - 2 upvotes, $0
  459. e.mail.ru: File upload "Chapito" circus to Mail.ru - 1 upvotes, $1000
  460. XSS: https://light.mail.ru/compose, https://m.mail.ru/compose/[id]/reply when replying to a specially crafted email to Mail.ru - 1 upvotes, $500
  461. reflected in xss to Mail.ru - 1 upvotes, $500
  462. e.mail.ru: SMS spam with custom content to Mail.ru - 1 upvotes, $400
  463. store-agent.mail.ru: stacked blind injection to Mail.ru - 1 upvotes, $400
  464. Stored XSS on http://top.mail.ru to Mail.ru - 1 upvotes, $300
  465. RCE via JDWP to Mail.ru - 1 upvotes, $300
  466. [orsotenslimselfie.lady.mail.ru] SQL Injection to Mail.ru - 1 upvotes, $300
  467. tt-mac.i.mail.ru: Quagga 0.99.23.1 (Router) : Default password and default enable password to Mail.ru - 1 upvotes, $200
  468. Clickjacking to Mail.ru - 1 upvotes, $150
  469. Stored XSS on http://cards.mail.ru to Mail.ru - 1 upvotes, $150
  470. [3k.mail.ru] SQL Injection to Mail.ru - 1 upvotes, $150
  471. SQL Injection to Mail.ru - 1 upvotes, $150
  472. [tidaltrek.mail.ru] SQL Injection to Mail.ru - 1 upvotes, $150
  473. No bruteforce protection leads to enumeration of emails in http://e.mail.ru/ to Mail.ru - 1 upvotes, $100
  474. Mobile phone number disclosure during two-factor authentication to Mail.ru - 1 upvotes, $100
  475. Admin panel of http://tp-test1.corp.mail.ru/ is acccessible publicly to Mail.ru - 1 upvotes, $0
  476. Flash XSS - http://hi-tech.mail.ru/ to Mail.ru - 1 upvotes, $0
  477. Flash XSS in http://go.mail.ru to Mail.ru - 1 upvotes, $0
  478. rs.mail.ru - Flash Based XSS to Mail.ru - 1 upvotes, $0
  479. Version Disclosure (NginX) to Mail.ru - 1 upvotes, $0
  480. Flash XSS in http://lingvo.mail.ru to Mail.ru - 1 upvotes, $0
  481. Full server path disclosure to Mail.ru - 1 upvotes, $0
  482. Content Spoofing vulnerability in Mail.ru mobile to Mail.ru - 1 upvotes, $0
  483. files.mail.ru: XSS to Mail.ru - 1 upvotes, $0
  484. https://voip.agent.mail.ru/phpinfo.php to Mail.ru - 1 upvotes, $0
  485. Vulnerability :- "XSS vulnerability" to Mail.ru - 1 upvotes, $0
  486. Reflective Xss on news.mail.ru and admin.news.mail.ru to Mail.ru - 1 upvotes, $0
  487. PHP code execution via FastCGI to Mail.ru - 1 upvotes, $0
  488. Flash XSS on old.corp.mail.ru to Mail.ru - 1 upvotes, $0
  489. Multiple vulnerabilities in mail.ru subdomains to Mail.ru - 1 upvotes, $0
  490. Reflected XSS on games.mail.ru to Mail.ru - 1 upvotes, $0
  491. Insecure cookies without httpOnly flag set to Mail.ru - 1 upvotes, $0
  492. Information leak via JSONP (XXSI) to Mail.ru - 1 upvotes, $0
  493. Reflected XSS @ games.mail.ru to Mail.ru - 1 upvotes, $0
  494. Bypass of basic authorization [qpt.mail.ru] to Mail.ru - 1 upvotes, $0
  495. [legal.my.com] Reflected XSS to Mail.ru - 1 upvotes, $0
  496. [allods.my.com] Reflected XSS to Mail.ru - 1 upvotes, $0
  497. [id.my.com] Reflected XSS to Mail.ru - 1 upvotes, $0
  498. [furry.aw.my.com] Reflected XSS to Mail.ru - 1 upvotes, $0
  499. [evo2.my.com] Reflected XSS to Mail.ru - 1 upvotes, $0
  500. [evo.my.com] Reflected XSS to Mail.ru - 1 upvotes, $0
  501. [mg.my.com] Reflected XSS to Mail.ru - 1 upvotes, $0
  502. [support.my.com] Reflected XSS to Mail.ru - 1 upvotes, $0
  503. [wos.my.com] Reflected XSS to Mail.ru - 1 upvotes, $0
  504. [account.my.com] Reflected XSS to Mail.ru - 1 upvotes, $0
  505. [lucky-fields.my.com] Reflected XSS to Mail.ru - 1 upvotes, $0
  506. [sf.my.com] Reflected XSS to Mail.ru - 1 upvotes, $0
  507. [games.my.com] Reflected XSS to Mail.ru - 1 upvotes, $0
  508. [dl.beepcar.ru] CRLF Injection to Mail.ru - 1 upvotes, $0
  509. Cross-Site Request Forgery to Mail.ru - 1 upvotes, $0
  510. server status to Mail.ru - 1 upvotes, $0
  511. phpinfo to Mail.ru - 1 upvotes, $0
  512. XSS to Mail.ru - 1 upvotes, $0
  513. donationalerts.com limitations bypass to Mail.ru - 1 upvotes, $0
  514. XSS via .eml file to Mail.ru - 0 upvotes, $1337
  515. https://217.69.135.63/rb/: money.mail.ru sources disclosure to Mail.ru - 0 upvotes, $1000
  516. XSS in a file or folder name to Mail.ru - 0 upvotes, $500
  517. touch.mail.ru XSS via message id to Mail.ru - 0 upvotes, $500
  518. e.mail.ru stored XSS in agent via sticker (smile) to Mail.ru - 0 upvotes, $500
  519. auth.mail.ru: XSS in login form to Mail.ru - 0 upvotes, $500
  520. http://fitter1.i.mail.ru/browser/ Graphite is exposed to the world to Mail.ru - 0 upvotes, $400
  521. connect.mail.ru: SSRF to Mail.ru - 0 upvotes, $300
  522. [api.allodsteam.com] Authentication Data to Mail.ru - 0 upvotes, $300
  523. [afisha.mail.ru] SQL Injection to Mail.ru - 0 upvotes, $300
  524. SQL injection update.mail.ru to Mail.ru - 0 upvotes, $250
  525. Home page reflected XSS to Mail.ru - 0 upvotes, $250
  526. SSRF on element.mail.ru to Mail.ru - 0 upvotes, $250
  527. SQL injection [hole in the forum engine] to Mail.ru - 0 upvotes, $200
  528. Time based sql injection to Mail.ru - 0 upvotes, $200
  529. Possible xWork classLoader RCE: shared.mail.ru to Mail.ru - 0 upvotes, $200
  530. SQL inj to Mail.ru - 0 upvotes, $150
  531. SQL to Mail.ru - 0 upvotes, $150
  532. SQL inj to Mail.ru - 0 upvotes, $150
  533. SQL Injection on 11x11.mail.ru to Mail.ru - 0 upvotes, $150
  534. localStorage is not cleared after logout to Mail.ru - 0 upvotes, $150
  535. money.mail.ru: Strange SMS behavior to Mail.ru - 0 upvotes, $150
  536. cloud.mail.ru: File upload XSS using Content-Type header to Mail.ru - 0 upvotes, $150
  537. Heartbleed: my.com (185.30.178.33) port 1433 to Mail.ru - 0 upvotes, $150
  538. scfbp.tng.mail.ru: Heartbleed to Mail.ru - 0 upvotes, $150
  539. HDFS NameNode Public disclosure: http://185.5.139.33:50070/dfshealth.jsp to Mail.ru - 0 upvotes, $150
  540. Hadoop Node available to public to Mail.ru - 0 upvotes, $150
  541. http://tp-dev1.tp.smailru.net/ to Mail.ru - 0 upvotes, $150
  542. [cfire.mail.ru] Time Based SQL Injection to Mail.ru - 0 upvotes, $150
  543. [parapa.mail.ru] SQL Injection to Mail.ru - 0 upvotes, $150
  544. [allods.my.com] SSRF / XSPA to Mail.ru - 0 upvotes, $150
  545. Time-Based Blind SQL Injection Attacks to Mail.ru - 0 upvotes, $150
  546. m.agent.mail.ru: Spoofing the j2me app-descriptor to Mail.ru - 0 upvotes, $100
  547. Unproper usage of Mobile Number that will lead to Information Disclosure to Mail.ru - 0 upvotes, $0
  548. Login without SSL-Protection to Mail.ru - 0 upvotes, $0
  549. Persistent XSS in afisha.mail.ru to Mail.ru - 0 upvotes, $0
  550. No CSRF token used in Phone Verification POST to Mail.ru - 0 upvotes, $0
  551. XSS in "About Video" to Mail.ru - 0 upvotes, $0
  552. Xss On http://my.mail.ru/ to Mail.ru - 0 upvotes, $0
  553. Clicjacking on Login panel to Mail.ru - 0 upvotes, $0
  554. Reflected XSS to Mail.ru - 0 upvotes, $0
  555. Reflected XSS to Mail.ru - 0 upvotes, $0
  556. Reflected XSS in User-Agent to Mail.ru - 0 upvotes, $0
  557. (m.mail.ru) Password type input with auto-complete enabled to Mail.ru - 0 upvotes, $0
  558. Server path disclosure due to an undefined index in the script /home/berserk-online.com/public_html/forum/Themes/berserker/Profile.template.php to Mail.ru - 0 upvotes, $0
  559. Unwanted information to Mail.ru - 0 upvotes, $0
  560. XSS Vulnerability in cfire.mail.ru/screen/1/ to Mail.ru - 0 upvotes, $0
  561. XSS in realty.mail.ru to Mail.ru - 0 upvotes, $0
  562. XSS in ad.mail.ru to Mail.ru - 0 upvotes, $0
  563. XSS in touch.sports.mail.ru to Mail.ru - 0 upvotes, $0
  564. Directory enumeration due to a vulnerability in IIS to Mail.ru - 0 upvotes, $0
  565. api.video.mail.ru: XSS to Mail.ru - 0 upvotes, $0
  566. touch.afisha.mail.ru: XSS to Mail.ru - 0 upvotes, $0
  567. my.mail.ru: HTTP Header Injection to Mail.ru - 0 upvotes, $0
  568. target.mail.ru: XSS via Referer to Mail.ru - 0 upvotes, $0
  569. target.mail.ru: XSS to Mail.ru - 0 upvotes, $0
  570. Not sure this belongs on the perimeter: 94.100.180.95, 94.100.180.96, 94.100.180.97, 94.100.180.98 to Mail.ru - 0 upvotes, $0
  571. files.mail.ru: HTTP Header Injection to Mail.ru - 0 upvotes, $0
  572. 3k.mail.ru: XSS to Mail.ru - 0 upvotes, $0
  573. /surveys/2auth: DOM-based XSS to Mail.ru - 0 upvotes, $0
  574. http://217.69.136.200/?p=2&c=Fetcher%20cluster&h=fetcher1.mail.ru to Mail.ru - 0 upvotes, $0
  575. GET /surveys/2auth: XSS to Mail.ru - 0 upvotes, $0
  576. help2.m.smailru.net: XSS to Mail.ru - 0 upvotes, $0
  577. [riot.mail.ru] Reflected XSS in debug-mode to Mail.ru - 0 upvotes, $0
  578. Flash XSS on img.mail.ru to Mail.ru - 0 upvotes, $0
  579. XSS at forum : to Mail.ru - 0 upvotes, $0
  580. Cross Site Scripting to Mail.ru - 0 upvotes, $0
  581. Getting all icq domains and subdomains via amazonaws.com [config,txt] to Mail.ru - 0 upvotes, $0
  582. phpinfo to Mail.ru - 0 upvotes, $0
  583. SVN repository to Mail.ru - 0 upvotes, $0
  584. Self XSS via help.mail.ru interface to Mail.ru - 0 upvotes, $0

Back