Blog

w2w
Bug Bounty

[Bug bounty | mail.ru] Access to the admin panel of the partner site and data disclosure of 2 million users

Relatively recently, I switched from searching vulnerabilities on random sites to Bug Bounty sites, and for many people this choice seems obvious - in such programs, a researcher in 90% of the cases will receive not only good experience, but also a guaranteed reward for valid vulnerability, while on a random site, you can stumble upon misunderstanding and threats. Read more

Bug Bounty

[BugBounty] Partial authentication bypass vk.com

Bypass two-factor authentication on vkontakte. When the ip address of the person who logs on to the vk account changes, you must enter the full phone number. If the attacker entered through the phone, the password, then with this vulnerability, he can perform some actions in the account.

Contacts

Email

max@isec.one

SKype

qiecezZX

Feedback (1 - name, 2 - email, 3 - message). Sorry, the display of field names is not compatible with my Wordpress theme and temporarily not working.

en_USEnglish
ru_RURussian en_USEnglish