Monday, February 29, 2016

Reflected XSS in auto.mail.ru

I have found a reflected XSS in auto.mail.ru. The bug was easy to exploit since you only have to enter the XSS payload into the search bar. I reported it to mail.ru via HackerOne and it was resolved within a few days. I was also listed in their Hall of Fame as thanks. https://hackerone.com/reports/109373


 POC:

 
