Mailru


Most disclosed vulnerability type (71 disclosures) — Cross-site Scripting (XSS) - Generic

isox has disclosed the most with 35 reports!

535 total issues disclosed

$402,047 total paid publicly


Accepts reports via HackerOne

Mailru's top public payouts




Most recently disclosed


Disclosure of personal support email addresses on 'support-fleet.city-mobil.ru'

@ Submitted by olidayw
Bug Type: Information Disclosure

Disclosed on 2020-11-11

Rating: Low


Path traversal on bank.mail.ru (CVE-2013-3827)

@ Submitted by st00rm
Bug Type: Path Traversal

Disclosed on 2020-11-04

Rating: Medium


cross site scripting bypass session

@ Submitted by dennisleo6
Bug Type: Cross-site Scripting (XSS) - Reflected

Disclosed on 2020-11-04

Rating: High


Account Takeover possibility via https://awards.donationalerts.com using login with twitch.tv

@ Submitted by jayesh25
Bug Type: Improper Authentication - Generic

Disclosed on 2020-11-03

Rating: High


mrgs.my.games account takeover

@ Submitted by maxarr
Bug Type: Improper Access Control - Generic

Disclosed on 2020-11-03

Rating: High


[my.games, lootdog.io] XSS via MCS Bucket

@ Submitted by bobrov
Bug Type: Cross-site Scripting (XSS) - Stored

Disclosed on 2020-10-31

Rating: Medium


SQL LIKE clauses wildcard injection

@ Submitted by bazzy
Bug Type: SQL Injection

Disclosed on 2020-10-31

Rating: No rating




SQL Injection [unauthenticated] with direct output at https://news.mail.ru/

@ Submitted by derision
Bug Type: SQL Injection

Disclosed on 2020-10-30

Rating: High


Multiple SQL Injections and constrained LFI in esk-static.3igames.mail.ru

@ Submitted by haxonaut
Bug Type: SQL Injection

Disclosed on 2020-10-29

Rating: High


Logs at http://login.aa.mail.ru/logs/

@ Submitted by devirok
Bug Type: Information Disclosure

Disclosed on 2020-10-28

Rating: Low


Reflected XSS on https://e.mail.ru/compose/ via Body parameter

@ Submitted by panya
Bug Type: Cross-site Scripting (XSS) - Reflected

Disclosed on 2020-10-27

Rating: Medium


Cross-site Scripting (XSS) - DOM on https://account.mail.ru/user/garage?back_url=https://mail.ru

@ Submitted by magzhan
Bug Type: Cross-site Scripting (XSS) - DOM

Disclosed on 2020-10-27

Rating: High


[combo.mail.ru] SMS code bruteforce

@ Submitted by esetal
Bug Type: Brute Force

Disclosed on 2020-10-27

Rating: High


Stored XSS through fileupload

@ Submitted by ther3d0ne
Bug Type: Cross-site Scripting (XSS) - Stored

Disclosed on 2020-10-27

Rating: Medium