Mail.ru: OS command injection on seedr.ru

site: https://seedr.ru The seedid parameter be vulnerable to OS command injection attacks. It is possible to use various shell metacharacters to inject arbitrary OS commands. The command output does not appear to be returned in the application's responses, however it is possible to inject time...

Mail.ru: XSS Stored on https://seedr.ru

Site: https://seedr.ru/ OS version: Windows 10 browser: Google chrome Stored cross-site scripting arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. I changed my nickname to a code that demonstrates the...

Mail.ru: RCE в .api/nr/report/{id}/download

Domain, site, application -- app.nativeroll.tv Steps to reproduce -- Нужен аккаунт рекламодателя, можно зарегистрировать здесь https://seedr.ru/register-user/advertiser 1. Войти как рекламодатель https://seedr.ru/login/advertiser 2. Пощелкать что-нибудь, поперехватывать запросы, нужен accesstoken...