Search...

Mail.ru: Stored XSS on http://cards.mail.ru

2014-05-13T12:23:15

ID H1:11927
Type hackerone
Reporter 4lemon
Modified 2014-12-10T19:09:03

Description

Эксперементируя с html редактором на странице отправки открытки http://cards.mail.ru/card/compose.html?cid=7842 был найден вектор, который проходит проверки и остаётся: asdf<br> <iframe src=javascript:alert(2) < В итоге, хранимый xss на страницах http://cards.mail.ru/card/status.html?fcid=acff40d2aad6a1bb49ba650788b0806f и http://cards.mail.ru/card/receive.html?tcid=bef7886ed4771bb6de75d026c0105b6f Последняя ссылка попадает напрямую в почтовый ящик жертвы.

JSON Vulners Source

Initial Source

{"id": "H1:11927", "hash": "753c0f78739d1aec63d217c4fc616637", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Mail.ru: Stored XSS on http://cards.mail.ru", "description": "\u042d\u043a\u0441\u043f\u0435\u0440\u0435\u043c\u0435\u043d\u0442\u0438\u0440\u0443\u044f \u0441 html \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u043e\u043c \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u043a\u0438 http://cards.mail.ru/card/compose.html?cid=7842\r\n\u0431\u044b\u043b \u043d\u0430\u0439\u0434\u0435\u043d \u0432\u0435\u043a\u0442\u043e\u0440, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0438 \u043e\u0441\u0442\u0430\u0451\u0442\u0441\u044f:\r\nasdf<br>\r\n<iframe src=javascript:alert(2) <\r\n\u0412 \u0438\u0442\u043e\u0433\u0435, \u0445\u0440\u0430\u043d\u0438\u043c\u044b\u0439 xss \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\u0445\r\nhttp://cards.mail.ru/card/status.html?fcid=acff40d2aad6a1bb49ba650788b0806f\r\n\u0438 \r\nhttp://cards.mail.ru/card/receive.html?tcid=bef7886ed4771bb6de75d026c0105b6f\r\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0441\u0441\u044b\u043b\u043a\u0430 \u043f\u043e\u043f\u0430\u0434\u0430\u0435\u0442 \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0439 \u044f\u0449\u0438\u043a \u0436\u0435\u0440\u0442\u0432\u044b.", "published": "2014-05-13T12:23:15", "modified": "2014-12-10T19:09:03", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/11927", "reporter": "4lemon", "references": [], "cvelist": [], "lastseen": "2018-11-23T14:56:22", "history": [{"bulletin": {"id": "H1:11927", "hash": "7d066ab903f95aac4bb91afb603c076061d2492c5ecd685fb0e98e6a29338351", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Mail.Ru: Stored XSS on http://cards.mail.ru", "description": "\u042d\u043a\u0441\u043f\u0435\u0440\u0435\u043c\u0435\u043d\u0442\u0438\u0440\u0443\u044f \u0441 html \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u043e\u043c \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u043a\u0438 http://cards.mail.ru/card/compose.html?cid=7842\r\n\u0431\u044b\u043b \u043d\u0430\u0439\u0434\u0435\u043d \u0432\u0435\u043a\u0442\u043e\u0440, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0438 \u043e\u0441\u0442\u0430\u0451\u0442\u0441\u044f:\r\nasdf<br>\r\n<iframe src=javascript:alert(2) <\r\n\u0412 \u0438\u0442\u043e\u0433\u0435, \u0445\u0440\u0430\u043d\u0438\u043c\u044b\u0439 xss \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\u0445\r\nhttp://cards.mail.ru/card/status.html?fcid=acff40d2aad6a1bb49ba650788b0806f\r\n\u0438 \r\nhttp://cards.mail.ru/card/receive.html?tcid=bef7886ed4771bb6de75d026c0105b6f\r\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0441\u0441\u044b\u043b\u043a\u0430 \u043f\u043e\u043f\u0430\u0434\u0430\u0435\u0442 \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0439 \u044f\u0449\u0438\u043a \u0436\u0435\u0440\u0442\u0432\u044b.", "published": "2014-05-13T12:23:15", "modified": "2014-12-10T19:09:03", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/11927", "reporter": "4lemon", "references": [], "cvelist": [], "lastseen": "2018-02-07T16:57:59", "history": [], "viewCount": 2, "enchantments": {"score": {"modified": "2018-02-07T16:57:59", "value": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N/"}}, "objectVersion": "1.4", "bounty": 150.0, "bountyState": "resolved", "h1team": {"handle": "mailru", "profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/production/000/000/065/390a2ad469ff2e598d5da551aad5fe9a6b26edd7_medium.png?1397207912", "small": "https://profile-photos.hackerone-user-content.com/production/000/000/065/5d21ab92b4e7aec83bd27fe596736f816c7e59fd_small.png?1397207912"}, "url": "https://hackerone.com/mailru"}, "h1reporter": {"disabled": false, "hacker_mediation": false, "hackerone_triager": false, "is_me?": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/002/194/e692bb44d384f9a9ff923aa47266566581fb12b1_small.jpg?1468248798"}, "url": "/4lemon", "username": "4lemon"}}, "differentElements": ["h1team", "h1reporter"], "edition": 4, "lastseen": "2018-02-07T16:57:59"}, {"bulletin": {"id": "H1:11927", "hash": "a56b13f099005d6b2515a6e1226dec58d3069981dce19af47dbe8ac0e934d01a", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Mail.Ru: Stored XSS on http://cards.mail.ru", "description": "\u042d\u043a\u0441\u043f\u0435\u0440\u0435\u043c\u0435\u043d\u0442\u0438\u0440\u0443\u044f \u0441 html \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u043e\u043c \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u043a\u0438 http://cards.mail.ru/card/compose.html?cid=7842\r\n\u0431\u044b\u043b \u043d\u0430\u0439\u0434\u0435\u043d \u0432\u0435\u043a\u0442\u043e\u0440, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0438 \u043e\u0441\u0442\u0430\u0451\u0442\u0441\u044f:\r\nasdf<br>\r\n<iframe src=javascript:alert(2) <\r\n\u0412 \u0438\u0442\u043e\u0433\u0435, \u0445\u0440\u0430\u043d\u0438\u043c\u044b\u0439 xss \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\u0445\r\nhttp://cards.mail.ru/card/status.html?fcid=acff40d2aad6a1bb49ba650788b0806f\r\n\u0438 \r\nhttp://cards.mail.ru/card/receive.html?tcid=bef7886ed4771bb6de75d026c0105b6f\r\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0441\u0441\u044b\u043b\u043a\u0430 \u043f\u043e\u043f\u0430\u0434\u0430\u0435\u0442 \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0439 \u044f\u0449\u0438\u043a \u0436\u0435\u0440\u0442\u0432\u044b.", "published": "2014-05-13T12:23:15", "modified": "1970-01-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/11927", "reporter": "4lemon", "references": [], "cvelist": [], "lastseen": "2017-08-28T23:19:23", "history": [], "viewCount": 2, "enchantments": {}, "objectVersion": "1.4", "bounty": 150.0, "bountyState": "resolved", "h1team": {"handle": "mailru", "profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/production/000/000/065/390a2ad469ff2e598d5da551aad5fe9a6b26edd7_medium.png?1397207912", "small": "https://profile-photos.hackerone-user-content.com/production/000/000/065/5d21ab92b4e7aec83bd27fe596736f816c7e59fd_small.png?1397207912"}, "url": "https://hackerone.com/mailru"}, "h1reporter": {"disabled": false, "hacker_mediation": false, "is_me?": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/002/194/e692bb44d384f9a9ff923aa47266566581fb12b1_small.jpg?1468248798"}, "url": "/4lemon", "username": "4lemon"}}, "differentElements": ["modified"], "edition": 2, "lastseen": "2017-08-28T23:19:23"}, {"bulletin": {"id": "H1:11927", "hash": "0de4f706624ac093855245ad229d042a270f273706cd7239487af6b8a7ba01fa", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Mail.Ru: Stored XSS on http://cards.mail.ru", "description": "\u042d\u043a\u0441\u043f\u0435\u0440\u0435\u043c\u0435\u043d\u0442\u0438\u0440\u0443\u044f \u0441 html \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u043e\u043c \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u043a\u0438 http://cards.mail.ru/card/compose.html?cid=7842\r\n\u0431\u044b\u043b \u043d\u0430\u0439\u0434\u0435\u043d \u0432\u0435\u043a\u0442\u043e\u0440, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0438 \u043e\u0441\u0442\u0430\u0451\u0442\u0441\u044f:\r\nasdf<br>\r\n<iframe src=javascript:alert(2) <\r\n\u0412 \u0438\u0442\u043e\u0433\u0435, \u0445\u0440\u0430\u043d\u0438\u043c\u044b\u0439 xss \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\u0445\r\nhttp://cards.mail.ru/card/status.html?fcid=acff40d2aad6a1bb49ba650788b0806f\r\n\u0438 \r\nhttp://cards.mail.ru/card/receive.html?tcid=bef7886ed4771bb6de75d026c0105b6f\r\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0441\u0441\u044b\u043b\u043a\u0430 \u043f\u043e\u043f\u0430\u0434\u0430\u0435\u0442 \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0439 \u044f\u0449\u0438\u043a \u0436\u0435\u0440\u0442\u0432\u044b.", "published": "2014-05-13T12:23:15", "modified": "2014-12-10T19:09:03", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/11927", "reporter": "4lemon", "references": [], "cvelist": [], "lastseen": "2018-04-19T17:34:11", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.4", "bounty": 150.0, "bountyState": "resolved", "h1team": {"handle": "mailru", "profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/000/000/065/390a2ad469ff2e598d5da551aad5fe9a6b26edd7_medium.png?1397207912", "small": "https://profile-photos.hackerone-user-content.com/000/000/065/5d21ab92b4e7aec83bd27fe596736f816c7e59fd_small.png?1397207912"}, "url": "https://hackerone.com/mailru"}, "h1reporter": {"disabled": false, "hacker_mediation": false, "hackerone_triager": false, "is_me?": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/002/194/e692bb44d384f9a9ff923aa47266566581fb12b1_small.jpg?1468248798"}, "url": "/4lemon", "username": "4lemon"}}, "differentElements": ["h1team"], "edition": 5, "lastseen": "2018-04-19T17:34:11"}, {"bulletin": {"id": "H1:11927", "hash": "49db243d53ac09085c43172b8685ef1e53ca7227c220221ba7cd2659d64e9a1a", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Mail.Ru: Stored XSS on http://cards.mail.ru", "description": "\u042d\u043a\u0441\u043f\u0435\u0440\u0435\u043c\u0435\u043d\u0442\u0438\u0440\u0443\u044f \u0441 html \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u043e\u043c \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u043a\u0438 http://cards.mail.ru/card/compose.html?cid=7842\r\n\u0431\u044b\u043b \u043d\u0430\u0439\u0434\u0435\u043d \u0432\u0435\u043a\u0442\u043e\u0440, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0438 \u043e\u0441\u0442\u0430\u0451\u0442\u0441\u044f:\r\nasdf<br>\r\n<iframe src=javascript:alert(2) <\r\n\u0412 \u0438\u0442\u043e\u0433\u0435, \u0445\u0440\u0430\u043d\u0438\u043c\u044b\u0439 xss \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\u0445\r\nhttp://cards.mail.ru/card/status.html?fcid=acff40d2aad6a1bb49ba650788b0806f\r\n\u0438 \r\nhttp://cards.mail.ru/card/receive.html?tcid=bef7886ed4771bb6de75d026c0105b6f\r\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0441\u0441\u044b\u043b\u043a\u0430 \u043f\u043e\u043f\u0430\u0434\u0430\u0435\u0442 \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0439 \u044f\u0449\u0438\u043a \u0436\u0435\u0440\u0442\u0432\u044b.", "published": "2014-05-13T12:23:15", "modified": "2014-12-10T19:09:03", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/11927", "reporter": "4lemon", "references": [], "cvelist": [], "lastseen": "2018-11-22T18:56:27", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.4", "bounty": 150.0, "bountyState": "resolved", "h1team": {"handle": "mailru", "profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/000/000/065/07da688e1d8801d35fdb85376bd9d64e424e6dab_medium.png?1542897520", "small": "https://profile-photos.hackerone-user-content.com/000/000/065/b5353ff7c53e16da116c7f4e73cc5687ec7d8809_small.png?1542897520"}, "url": "https://hackerone.com/mailru"}, "h1reporter": {"disabled": false, "hacker_mediation": false, "hackerone_triager": false, "is_me?": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/002/194/e692bb44d384f9a9ff923aa47266566581fb12b1_small.jpg?1468248798"}, "url": "/4lemon", "username": "4lemon"}}, "differentElements": ["title"], "edition": 6, "lastseen": "2018-11-22T18:56:27"}, {"bulletin": {"id": "H1:11927", "hash": "35017a432591f0ca2623171223c4d98997888e4ab9c48059c560249193ce556c", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Mail.Ru: Stored XSS on http://cards.mail.ru", "description": "\u042d\u043a\u0441\u043f\u0435\u0440\u0435\u043c\u0435\u043d\u0442\u0438\u0440\u0443\u044f \u0441 html \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u043e\u043c \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u043a\u0438 http://cards.mail.ru/card/compose.html?cid=7842\r\n\u0431\u044b\u043b \u043d\u0430\u0439\u0434\u0435\u043d \u0432\u0435\u043a\u0442\u043e\u0440, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0438 \u043e\u0441\u0442\u0430\u0451\u0442\u0441\u044f:\r\nasdf<br>\r\n<iframe src=javascript:alert(2) <\r\n\u0412 \u0438\u0442\u043e\u0433\u0435, \u0445\u0440\u0430\u043d\u0438\u043c\u044b\u0439 xss \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\u0445\r\nhttp://cards.mail.ru/card/status.html?fcid=acff40d2aad6a1bb49ba650788b0806f\r\n\u0438 \r\nhttp://cards.mail.ru/card/receive.html?tcid=bef7886ed4771bb6de75d026c0105b6f\r\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0441\u0441\u044b\u043b\u043a\u0430 \u043f\u043e\u043f\u0430\u0434\u0430\u0435\u0442 \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0439 \u044f\u0449\u0438\u043a \u0436\u0435\u0440\u0442\u0432\u044b.", "published": "2014-05-13T12:23:15", "modified": "1970-01-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/11927", "reporter": "4lemon", "references": [], "cvelist": [], "lastseen": "2017-08-22T11:09:36", "history": [], "viewCount": 2, "enchantments": {}, "objectVersion": "1.4", "bounty": 150.0, "bountyState": "resolved", "h1team": {"handle": "mailru", "profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/production/000/000/065/390a2ad469ff2e598d5da551aad5fe9a6b26edd7_medium.png?1397207912", "small": "https://profile-photos.hackerone-user-content.com/production/000/000/065/5d21ab92b4e7aec83bd27fe596736f816c7e59fd_small.png?1397207912"}, "url": "https://hackerone.com/mailru"}, "h1reporter": {"disabled": false, "hacker_mediation": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/002/194/e692bb44d384f9a9ff923aa47266566581fb12b1_small.jpg?1468248798"}, "url": "/4lemon", "username": "4lemon"}}, "differentElements": ["h1reporter"], "edition": 1, "lastseen": "2017-08-22T11:09:36"}, {"bulletin": {"id": "H1:11927", "hash": "10234b387e1f68308782a691bcc06fc027fd6d140f3cd3c2137332b5bc86b4f7", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Mail.Ru: Stored XSS on http://cards.mail.ru", "description": "\u042d\u043a\u0441\u043f\u0435\u0440\u0435\u043c\u0435\u043d\u0442\u0438\u0440\u0443\u044f \u0441 html \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u043e\u043c \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u043a\u0438 http://cards.mail.ru/card/compose.html?cid=7842\r\n\u0431\u044b\u043b \u043d\u0430\u0439\u0434\u0435\u043d \u0432\u0435\u043a\u0442\u043e\u0440, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0438 \u043e\u0441\u0442\u0430\u0451\u0442\u0441\u044f:\r\nasdf<br>\r\n<iframe src=javascript:alert(2) <\r\n\u0412 \u0438\u0442\u043e\u0433\u0435, \u0445\u0440\u0430\u043d\u0438\u043c\u044b\u0439 xss \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\u0445\r\nhttp://cards.mail.ru/card/status.html?fcid=acff40d2aad6a1bb49ba650788b0806f\r\n\u0438 \r\nhttp://cards.mail.ru/card/receive.html?tcid=bef7886ed4771bb6de75d026c0105b6f\r\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0441\u0441\u044b\u043b\u043a\u0430 \u043f\u043e\u043f\u0430\u0434\u0430\u0435\u0442 \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0439 \u044f\u0449\u0438\u043a \u0436\u0435\u0440\u0442\u0432\u044b.", "published": "2014-05-13T12:23:15", "modified": "2014-12-10T19:09:03", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/11927", "reporter": "4lemon", "references": [], "cvelist": [], "lastseen": "2017-08-29T13:11:25", "history": [], "viewCount": 2, "enchantments": {"score": {"modified": "2017-08-29T13:11:25", "value": 3.3}}, "objectVersion": "1.4", "bounty": 150.0, "bountyState": "resolved", "h1team": {"handle": "mailru", "profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/production/000/000/065/390a2ad469ff2e598d5da551aad5fe9a6b26edd7_medium.png?1397207912", "small": "https://profile-photos.hackerone-user-content.com/production/000/000/065/5d21ab92b4e7aec83bd27fe596736f816c7e59fd_small.png?1397207912"}, "url": "https://hackerone.com/mailru"}, "h1reporter": {"disabled": false, "hacker_mediation": false, "is_me?": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/002/194/e692bb44d384f9a9ff923aa47266566581fb12b1_small.jpg?1468248798"}, "url": "/4lemon", "username": "4lemon"}}, "differentElements": ["h1reporter"], "edition": 3, "lastseen": "2017-08-29T13:11:25"}], "viewCount": 4, "enchantments": {"score": {"value": -0.2, "vector": "NONE", "modified": "2018-11-23T14:56:22"}, "dependencies": {"references": [], "modified": "2018-11-23T14:56:22"}, "vulnersScore": -0.2}, "objectVersion": "1.4", "bounty": 150.0, "bountyState": "resolved", "h1team": {"handle": "mailru", "profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/000/000/065/07da688e1d8801d35fdb85376bd9d64e424e6dab_medium.png?1542897520", "small": "https://profile-photos.hackerone-user-content.com/000/000/065/b5353ff7c53e16da116c7f4e73cc5687ec7d8809_small.png?1542897520"}, "url": "https://hackerone.com/mailru"}, "h1reporter": {"disabled": false, "hacker_mediation": false, "hackerone_triager": false, "is_me?": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/002/194/e692bb44d384f9a9ff923aa47266566581fb12b1_small.jpg?1468248798"}, "url": "/4lemon", "username": "4lemon"}, "_object_type": "robots.models.hackerone.HackerOneBulletin", "_object_types": ["robots.models.hackerone.HackerOneBulletin", "robots.models.base.Bulletin"]}