8 matches found
Mail.ru: Disable 2FA via CSRF (Leads to 2FA Bypass)
CSRF vulnerability in pandao.ru allowed disabling 2FA. pandao.ru belongs to extended scope...
Mail.ru: Information Disclosure - Gaining access to coursework and private course presentations
Access to course training materials was possible in Geekbrains due to read access to an S3-compatible bucket. Geekbrains belongs to extended Ext. B scope...
Mail.ru: [auto.mail.ru] IDOR allowing editing of any user's post.
IDOR allowed editing arbitrary posts in auto.mail.ru. auto.mail.ru belongs to Extended scope. IDOR allowing editing of an arbitrary post on the auto.mail.ru site...
Mail.ru: Unrestricted File Upload To Xss Stored [ https://ideas.browser.mail.ru/ ]
Stored XSS in https://ideas.browser.mail.ru/. ideas.browser.mail.ru belongs to extended scope...
Mail.ru: XSS
XSS via GET parameters in touch.cooking.lady.mail.ru. touch.cooking.lady.mail.ru belongs to extended scope...
Mail.ru: CSRF on /subscription_manage.php endpoint at allods.mail.ru
CSRF in https://allods.mail.ru allows managing a user's subscriptions. allods.mail.ru belongs to extended scope...
Mail.ru: XSS
Reflected XSS via URI in allods.mail.ru. allods.mail.ru belongs to extended scope...
Mail.ru: ssrf xspa [https://prt.mail.ru/]
SSRF at prt.mail.ru. At the time of reporting, Extended scope was not covered by the bug bounty; the bounty was awarded as a bonus...