3 matches found
Mail.ru: Uninitialized server memory disclosure via ImageMagick
It was possible to disclose part of server memory from an uncontrolled location on the server belonging to the "Moi Mir" my.mail.ru project via uploaded GIF image header manipulation. my.mail.ru is not currently in the Bug Bounty scope; the reward was paid as a bonus due to potential severity...
Mail.ru: Blind XXE on my.mail.ru
Blind XXE in the my.mail.ru Moi Mir avatar upload feature. Moi Mir is not covered by the regular Bug Bounty program; a bounty was awarded as a bonus due to high potential impact. A blind OOB XXE issue was found in the upload avatar feature...
Mail.ru: Open redirect on OpenID
Open redirect in http://openid.mail.ru/login. openid.mail.ru is a part of "Moi Mir" my.mail.ru project. Neither Moi Mir nor open redirects without additional impact are currently covered by bug bounty program...