Lucene search
K

9 matches found

Hacker One
Hacker One
added 2021/01/24 7:8 p.m.17 views

Mail.ru: [https://geekbrains.ru/profile] - authenticity_token not tied to user session leads to CSRF attacks

CSRF on geekbrains.ru The CSRF token on /profile was valid, but not tied to user's session, e.g. Account A's Token was valid on Account B, this could have lead to change other user's phone number, birth date, legal name etc...

0.5AI score
Exploits0
Hacker One
Hacker One
added 2020/10/20 10:14 a.m.16 views

Mail.ru: Получение локального пути до файла [geekbrains.ru]

Verbose error output was enabled on lms-beta.geekbrains.ru...

0.9AI score
Exploits0
Hacker One
Hacker One
added 2020/06/14 10:4 p.m.14 views

Mail.ru: Открытая админка 1C эмулятора

Staging testing versions of 1C-emulator and Adminer interfaces was available from external network without authentication on geekbrains.ru. This interfaces had no access to production data...

5.1AI score
Exploits0
Hacker One
Hacker One
added 2020/02/11 12:30 a.m.18 views

Mail.ru: [geekbrains.ru] Reflected XSS via Angular Template Injection

Potential XSS due to use of Angular templates...

3.3AI score
Exploits0
Hacker One
Hacker One
added 2019/12/19 12:17 p.m.10 views

Mail.ru: Account takeover at geekbrains.ru

It was possible to takeover Geekbrains account registered via Google account due to misuse of unconfirmed attached e-mail as account id...

3.8AI score
Exploits0
Hacker One
Hacker One
added 2019/06/21 12:11 p.m.36 views

Mail.ru: XSS in messages on geekbrains.ru

Stored XSS via data URI in messages on geekbrains.ru. geekbrains.ru is in extended Ext.B scope, XSS reports for this scope are accepted without bounty. Description Stored XSS in messages on a large IT training portal GeekBrains, the vulnerability allowed to execute JavaScript code in the victim's...

2.2AI score
Exploits0
Hacker One
Hacker One
added 2019/04/18 8:32 a.m.311 views

Mail.ru: [geekbrains.ru] CVE-2019-5418 Ruby on Rails File Content Disclosure

Unpatched CVE-2019-3396 in geekbrains.ru...

10CVSS0.9AI score0.99913EPSS
Exploits38
Hacker One
Hacker One
added 2019/03/28 2:57 p.m.14 views

Mail.ru: Открытые сорцы

gitlab repository with opensource projects was available from external network on geekbrains.ru subdomain. While no sensitive information was leaked, decision was made to limit the access to eliminate possible risks in future...

1.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/05/23 10:8 a.m.11 views

geekbrains.ru XSS vulnerability

Open Bug Bounty ID: OBB-620736 Description| Value ---|--- Affected Website:| geekbrains.ru Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.2AI score
Exploits0
Rows per page
Query Builder