9 matches found
Mail.ru: [https://geekbrains.ru/profile] - authenticity_token not tied to user session leads to CSRF attacks
CSRF on geekbrains.ru The CSRF token on /profile was valid, but not tied to user's session, e.g. Account A's Token was valid on Account B, this could have lead to change other user's phone number, birth date, legal name etc...
Mail.ru: Получение локального пути до файла [geekbrains.ru]
Verbose error output was enabled on lms-beta.geekbrains.ru...
Mail.ru: Открытая админка 1C эмулятора
Staging testing versions of 1C-emulator and Adminer interfaces was available from external network without authentication on geekbrains.ru. This interfaces had no access to production data...
Mail.ru: [geekbrains.ru] Reflected XSS via Angular Template Injection
Potential XSS due to use of Angular templates...
Mail.ru: Account takeover at geekbrains.ru
It was possible to takeover Geekbrains account registered via Google account due to misuse of unconfirmed attached e-mail as account id...
Mail.ru: XSS in messages on geekbrains.ru
Stored XSS via data URI in messages on geekbrains.ru. geekbrains.ru is in extended Ext.B scope, XSS reports for this scope are accepted without bounty. Description Stored XSS in messages on a large IT training portal GeekBrains, the vulnerability allowed to execute JavaScript code in the victim's...
Mail.ru: [geekbrains.ru] CVE-2019-5418 Ruby on Rails File Content Disclosure
Unpatched CVE-2019-3396 in geekbrains.ru...
Mail.ru: Открытые сорцы
gitlab repository with opensource projects was available from external network on geekbrains.ru subdomain. While no sensitive information was leaked, decision was made to limit the access to eliminate possible risks in future...
geekbrains.ru XSS vulnerability
Open Bug Bounty ID: OBB-620736 Description| Value ---|--- Affected Website:| geekbrains.ru Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...