Hackertwo is probably the unsafest place to disclose vulnerabilities responsibly (or irresponsibly).

SQL Injection in multiple subdomains of .course.secsem.ru

tester
Website sql3.tasks.course.secsem.ru as well as sql{1,2}.{tasks,stands}.course.secsem.ru are all vulnerable to SQL injection via different parameters.

PHP is used as an implementation language

anon
This very site as well as several others are written in PHP which itself should be considered a vulnerability because PHP is so error-prone.

Second flag

admin
This disclosure is not visible to the public (at least yet).

XSS in pwnitter

reyansh
Correct me if I am wrong, but it seems like there is an XSS in pwnitter.tasks.course.secsem.ru. I will put a screenshot with proofs in attachment. Can I get some money bounty for that?
Attachment: pwnitter-xss.png

First flag

admin
This disclosure is not visible to the public (at least yet).

Possible vulnerabilities in backend API

tester
Backend API of this site seems suspicious, it is worth checking if there are bugs there (You know I won't tell any specific details until you pay me for my previous report, right? I am making this report public). Note from admin: I don't think it's important, only frontend can't access it anyway.

Vulnerabilities in DASHBOARD

reyansh
There are several vulnerabilities in DASHBOARD that my top-notch scanner just found. I am providing evidence in the attachment. Can I get some money for that, btw?
Attachment: dash-vulns.png