Mailru


Most disclosed vulnerability type (71 disclosures) — Cross-site Scripting (XSS) - Generic

isox has disclosed the most with 35 reports!

542 total issues disclosed

$406,097 total paid publicly


Accepts reports via HackerOne

Mailru's top public payouts




Most recently disclosed


Information Disclosure

@ Submitted by steal_wart
Bug Type: Information Disclosure

Disclosed on 2020-11-25

Rating: None


lenta_proxy information disclosure

@ Submitted by naategh
Bug Type: Information Exposure Through an Error Message

Disclosed on 2020-11-25

Rating: Medium


Blind SSRF on http://info.ucs.ru/settings/check/

@ Submitted by elmahdi
Bug Type: Server-Side Request Forgery (SSRF)

Disclosed on 2020-11-25

Rating: Medium


the same as #948259 - XSS at jsgames.mail.ru

@ Submitted by sodium_
Bug Type: Cross-site Scripting (XSS) - Reflected

Disclosed on 2020-11-25

Rating: Low


Redmine API Key Exposed In GitHub

@ Submitted by elmahdi
Bug Type: Information Disclosure

Disclosed on 2020-11-25

Rating: Medium


Source code and internal credentials disclosure

@ Submitted by paul_axe
Bug Type: Information Disclosure

Disclosed on 2020-11-25

Rating: High


Access User Tickets via IDOR in [widget.support.my.games]

@ Submitted by sicksec
Bug Type: None supplied

Disclosed on 2020-11-25

Rating: High


Disclosure of personal support email addresses on 'support-fleet.city-mobil.ru'

@ Submitted by olidayw
Bug Type: Information Disclosure

Disclosed on 2020-11-11

Rating: Low


Path traversal on bank.mail.ru (CVE-2013-3827)

@ Submitted by st00rm
Bug Type: Path Traversal

Disclosed on 2020-11-04

Rating: Medium


cross site scripting bypass session

@ Submitted by dennisleo6
Bug Type: Cross-site Scripting (XSS) - Reflected

Disclosed on 2020-11-04

Rating: High


mrgs.my.games account takeover

@ Submitted by maxarr
Bug Type: Improper Access Control - Generic

Disclosed on 2020-11-03

Rating: High


Account Takeover possibility via https://awards.donationalerts.com using login with twitch.tv

@ Submitted by jayesh25
Bug Type: Improper Authentication - Generic

Disclosed on 2020-11-03

Rating: High


[my.games, lootdog.io] XSS via MCS Bucket

@ Submitted by bobrov
Bug Type: Cross-site Scripting (XSS) - Stored

Disclosed on 2020-10-31

Rating: Medium


SQL LIKE clauses wildcard injection

@ Submitted by bazzy
Bug Type: SQL Injection

Disclosed on 2020-10-31

Rating: No rating

