| Отсутствие CSRF ключа на функции Закрытый Профиль. |
Cross-Site Request Forgery (CSRF) |
iframe |
Critical |
2020-05-15 |
| [insideok.ru] Remote Command Execution via file upload. |
Command Injection - Generic |
iframe |
Critical |
2019-09-20 |
| Privilege Escalation удаляем все созданные ссылки с okl.lt |
Privilege Escalation |
iframe |
Critical |
2019-07-23 |
| Plain text password for 'unknown' user exist in URL when opening jira.apiok.ru |
Plaintext Storage of a Password |
exadmin |
Low |
2019-06-17 |
| ВИП подарки бесплатные без подключения ВИП услуги |
None supplied |
isaeva |
Medium |
2018-09-05 |
| Обход функций закрытого профиля, получения возможности комментировать закрытые подарки и просматривать их |
None supplied |
isaeva |
Medium |
2018-09-05 |
| Privacy violation для аттачей в сообщениях. |
Privacy Violation |
iframe |
High |
2018-08-22 |
| Очень жесткая XSS в личных сообщениях m.ok.ru |
Cross-site Scripting (XSS) - Stored |
lincoln9932 |
Critical |
2018-06-30 |
| [insideok.ru] Database Dump |
Improper Authentication - Generic |
bigbear_ |
High |
2018-04-25 |
| XSS в личных сообщениях |
None supplied |
lincoln9932 |
High |
2018-01-13 |
| Blind SQL Injection |
SQL Injection |
linkks |
Critical |
2017-04-20 |
| cross siite scripting in the blog |
Cross-site Scripting (XSS) - Generic |
cyberboy |
No rating |
2017-04-17 |
| web.xml configuration file disclosure |
Information Disclosure |
linkks |
Low |
2017-04-10 |
| Stored XSS в имени песни (2) на платёжном гейте. |
Cross-site Scripting (XSS) - Generic |
4lemon |
No rating |
2017-03-20 |
| Покупка=>скачка песен, которые не предназначены для продажи |
None supplied |
4lemon |
No rating |
2017-03-20 |
| Xss in m.ok.ru |
Cross-site Scripting (XSS) - Generic |
hamooda_anonphantom |
No rating |
2016-10-04 |
| http://217.20.144.201 privilege escalation in apache tomcat SessionEample-script |
Privilege Escalation |
mthirup |
No rating |
2016-08-29 |
| Critical : Access to group videos where videos are restricted for all users(Broken authentication ) |
Improper Authentication - Generic |
vijay_kumar1110 |
No rating |
2016-08-01 |
| Multiple critical vulnerabilities in Odnoklassniki Android application |
None supplied |
hardc0re |
No rating |
2016-07-27 |
| Missing proper error message. |
Violation of Secure Design Principles |
exploitraja |
No rating |
2016-07-21 |
| xss in group |
Cross-site Scripting (XSS) - Generic |
ashishdhaduk |
No rating |
2016-07-10 |
| Same-Origin Policy bypass on main domain - ok.ru |
None supplied |
zoczus |
No rating |
2016-05-04 |
| Same-Origin Policy Bypass #2 |
None supplied |
zoczus |
No rating |
2016-05-04 |
| (URGENT!) Покупка OK дешевле, чем он стоит |
Violation of Secure Design Principles |
4lemon |
No rating |
2016-04-29 |
| Доступ к чужим групповым беседам. |
Privilege Escalation |
4lemon |
No rating |
2016-04-29 |
| Покупка песни дешевле, чем она стоит. |
None supplied |
4lemon |
No rating |
2016-04-29 |
| Доступ к чужим приватным фотографиям (3) через обложку видео |
Privilege Escalation |
4lemon |
No rating |
2016-04-29 |
| Обход защиты от csrf-ок в m.ok.ru |
Cross-Site Request Forgery (CSRF) |
ragnar |
No rating |
2016-03-18 |
| SSRF/XSPA в форме загрузки видео по URL |
Denial of Service |
alpha |
No rating |
2016-02-17 |
| Cross site scripting On api Calculator API requests |
Cross-site Scripting (XSS) - Generic |
d1pakda5 |
No rating |
2016-02-17 |
Getting started
Learn about vulnerability types 
Getting started in bug bounties 
Test your knowledge
Free Web Application Challenges
Guides for your hunts 
ZSeano's Methodology
Effective Note Taking for bug bounties
Useful Resources 
Disclosed HackerOne Reports 
Our community
Endorsed Members
Hackevents 
Member Articles