Mail.ru: Potential SSRF in sales.mail.ru
SSRF in the project outside of bug bounty program's scope. Despite the project is out-of-scope, bounty was rewarded due to problem severity. i reported this issue as xss one year ago, so i found a directory, where one can upload /flashtest.htm?show=upload swf files, i uploaded malicious swf file...