Open Bug Bounty ID: OBB-1014458
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: |
resquel.com |
Open Bug Bounty Program: |
Create your bounty program now. It’s open and free. |
Vulnerable Application: |
Custom Code |
Vulnerability Type: |
Open Redirect / CWE-601 |
CVSSv3 Score: |
3.4 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N] |
Disclosure Standard: |
Coordinated Disclosure based on ISO 29147 guidelines |
Discovered and Reported by: |
41PH4 |
Remediation Guide: |
OWASP Open Redirect Cheat Sheet |
Export Vulnerability Data: |
Bugzilla Vulnerability Data |
JIRA Vulnerability Data [ Configuration ] |
|
Mantis Vulnerability Data |
|
Splunk Vulnerability Data |
|
XML Vulnerability Data [ XSD ] |
|
Vulnerable URL:
![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAA3CAIAAABVZQ1/AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAWDElEQVR4nO2df0xT1xfAnx3DrhbFWis/qkKjaBhhyJhjhi1+jXGIxFRnDFNEpkYJM06Jc4iGMUeQIRLHnHGGGUaM84+FkcYYYjrjCGGEMVJrx5ARhqypjVaoWrFi5X3/uN/dvO97994+flScPZ+/uLfnnXvOuZd337vvvXOn8DzPAQAAAEAAUEy2AQAAAMALC8wxAAAAQKCAOQYAAAAIFDDHAAAAAIEC5hgAAAAgUMAcAwAAAASK52KOiY2NvXbtGq0YhAQiAhBVAACePZM/x1y/fn1kZOS1114jFoOQQEQAogoAwKTgZ465efNmWFgY8ad79+4dPXqUVpSPyWRau3YtrTi5MNwPHGOIgF872TrH3HejskHE4ODgBx98MHv27Ojo6E8++eTJkycMJTdv3pw5c6Z8S/wK37hxY/Xq1TNmzJgzZ8727dvv3bvHEL5z587mzZtnzZoVHR29b9++x48fo1am/D+rV68WHrV69epvvvkGmyQSjo2NpTV39+7dLVu2oMgcPHgQRYZt84MHDyIjI2/cuCHUs2/fvldeeeW7775jh0JoJ+Lx48fvv/8+7giGpzRTRbDHBraTGGf5rciUFA6PwcHBLVu2oBbxIPSLKGI0s0c1xl5gxn4f43a7y8rKaEX5PM9zzKQQiAiwdY6578ZDbm7u8PCwxWK5cuVKS0tLcXExx3Hz5893uVzPoPWMjAy9Xt/V1dXR0eH1evPy8hjCOTk5SqXSZrM1NTVZrdbDhw+jerVa7RVgMpnwITdu3Ojo6MjJycE1QuHS0tLExERGcyMjIygyV69ePXLkiF+bq6urs7OzFy1ahGvu3r1bXV3d2tqanZ3NcE1q5+PHj9PT030+n1CM5inNVPkI7aTFWX4ro7Vn27ZtIyMjVqvVbDY3NTXJ+S+QRoxm9qjG2IsMz6Svr0+tVsv5iSHJwOFwhIeHDw8PE4uTzticGg9jiwDbTr86J8TNUSkZGhrS6/UejwcV29raFixYwFYeHh4u3xK2sNfrPXHixP3791HRarXq9XqasMfjUSqVUlPZ/ubn5x8+fBgXnU5neno6LsbHx9fX19OaUygUbrcbFZubm+Pi4tg2379/PyEhAf+EkNkdIjvRgaWlpcLDaapopkqRcxqhxVl+KzIl8fDwer0hISFC+fj4eKJmIaKI0cwe1Rh7sZE1x5w4cSImJkaj0WRnZ6MucbvdeJaqra0VFo8fP65WqysqKnQ6XXh4eE5OztDQEE3/6dOnN27cKC2idsvKyrRabURERE1NDc/zXq9327ZtarV63rx5xcXFPp8PHdXW1paWlqZWq6OiotavX9/Z2cnzvN1uX7VqlUqlMhgMVVVVaFRJ50V8MiIqZ/xv+Hy+wsJCnU6nUqk2bNjgcrl4nvd4PDt37tRqtXq9vqSkRKiksrIyJiZGpVJt3LjR5XLt379fq9VqNJrc3Fw8QEUBIfpFrEdNlJeXE2Mu1Ck1W9SVIjfb2tpSU1OVSqVWq92wYYPdbmfbIB0qvb29KpWqo6OD53mXyxUeHn7lyhVRK+fPn3/nnXdEAUc9qFar4+LiysrK2NMGTZjYTUKGh4cPHDiQk5NDGwMi8Jmor69PpVLt2bNHp9PpdLq9e/diebfbrdFonE4n0dS2tjatVkub8hlDlGgzz/NlZWWijhPeC0r7FMOwUzTHED2VY6pQm3R8MuwUxnlUrRAlicPD7XYrFAr8n9Le3h4TE4P+po0Eds/ylIlK1F/Bhv+1Mo/HY7FYWlpa2traHA5HYWEhx3EzZszo6upCd9DZ2dnC4rp16zweT1tbW3t7e3t7e0dHR0VFBU05Y6HM4/F0dXXZbLba2tq0tDSO444cOTI0NGS1WhsbG5uamk6fPo0kMzMzc3Nz+/v7m5ub09LSlEolx3G7d++ePn16V1fX5cuXa2tr/bpJU06joqLCbDabzebu7u6oqKjOzk6O4/bs2eNwODo6OhobG00m06lTp4QxbG5utlgsDodj8eLFLpfLarW2trb29fUVFRURI0D0i1bv8Xja/0EUc6FOqdmirhS52dHRsXPnTqfTabPZ9Hr97t272TZIh0psbGxRUdHevXs5jisuLs7IyPjPf/4jbOLGjRv79++vrKwUNY16sLOz89KlS+fPn8f1syUwhIndhPnxxx9VKlVbW9uZM2c4eWOgtLQUr5MMDQ2p1WqbzdbS0mI2m0+cOIHqa2pqMjMz58yZIz2c47ja2tpNmza9/PLLxF/9IrL54cOHVVVVR44ciY6OPnTo0NOnTzmOmzVrFqNPMWw7hdA8lQ9xfDLsFMZ5/BCHx4wZM5KTk4uKip48efLgwYOSkpKUlBT0E20k+I2Y1GxRfwUj7Cmor6+P4zh8x9fS0mIwGPBPxLUydEh/fz+qr6+vT0lJQX/39/fjKwWe5z0ej1qtHhgYkBaREvwTQqvV4kt+i8WydOlSnucHBgZCQkK8Xq9Q0ufzKZVKoQ1+72OIyhn3MTqdDl2bCxtVq9W9vb2oaDKZUlNTsS/CW3Lh1VNLSwteJhJGgOgXrZ4Rc1GQpWaz3RTS09MTERHBtoE4VIaHhxcvXlxSUqLVakXXgHa73WAwXLhwQWQJrQfRISIYwkR/MUNDQ01NTQkJCadPn+YpY0BISUnJypUr0VWt1+ttbW3FPzU0NGB5g8FgsViIV9xerzc8PJxhkt/LdpHNlZWVRqPR5XL19PQkJCRUV1cT9RBh2Ck8nObpqO4waOOTaKcwzuO/j2EMj87OzqSkpNDQUJVKxXHc5cuXUT1tJDAiJjIbI+qvIGR0z2OEwWXMMUqlEtd3dnbqdDr0t8/nczgc+Kf6+voVK1YQi9KRNzAwwHGc9h80Gg1Wm5WVlZSUVFBQUFlZefXqVZ7nHQ6HyAb2HENTTvtHdbvdISEhosHkcDhCQ0Nxsbu7G52R2f8kwqIoIFK/aPWMmAt1Es1muMnzfEdHx8qVK6OiolBYsKlEGxhums1mjuPwGRCTmpoqrMRKaD1IhCZM81fEpUuXkpOTGQMM0dDQYDAYpKttiK6uLtTdOODEM9GFCxcSExOFNVoBvOxTKrKZ5/m4uDh89jSZTMRzt6gJBNtOxpDAnrKv2ERO0cantCFRnEfVClHS71hyu91VVVU4dLSRwI4Ye3jg/gpCQp7lPdNLL70UGRmJi6N6o8zr9SoUivb29pCQ/9msUPxvoe/777//7bffbDabw+EoKChYtmyZcPVJDgzlbHdG1YpfRBGQ+vXVV18R6/fv3y9T52jNNhqNO3bsOH36tFKptNvt6enpNNsYNnAc53Q6FQqF0+kUVt66dctqtf7yyy/y7eE4Di2OCbFarQx5qb9PnjyxWCxvvPEGKhoMBofDwR4Dv//+e15eXmNj46xZs2gNjYyMcBxXXV1dUFBAk6mtrd22bZuwxmKxMIxn2zw4ONjb2zt37lxUGRcX53A4pMcSm2DbyQZ5ykCmU1LkxHn8rYhQqVQnTpw4efIkKtJGAiNiUrOJ/TUh1v77YE9BY7uP4QT3xQ0NDfgCQYjP59NqtXhlSVQkXkap1WrGIgPCYrHo9XrR3XFDQwMy+/79+wqFAq/nNDc3Y3eIytlrZRaLReQRba1Mzn2MKAJEv2j1tJhLdUrNZrh5+/btkJAQYVvEa2psA81Nt9sdERFx4cIFjUaD31xA5on8pa2V4R7kZayVCYWJ/qIXivD6oclkQoshtAE2MDCwYMGC8+fPCyvNZnNSUhIu1tfXIyUcx2k0GnT9q1AohHcPdrtdqVTevn1b2gSG8V6Z1GZ0NsQxbGhoQEOOZw5dBMNO0eE0T0f1XhntnCBsiBjn8b9XxhgeiDNnzohuMogjgRYxotm0MRaEjH2O8Xg8ISEh3d3doiIaT+gdJJvNlpSUVFJSgjXgRXy0RonrRUXif0heXl5qaiq6dq6oqDhy5AjP852dnenp6VeuXHG5XP39/Tt27MjMzOR53mg0Cm3AZi9dunTHjh1Op7O7uzstLQ3XE5Xfv38/JCSkq6sLL8FjY8rKypYuXWq1Wu12++7du5uamnie37Fjx9q1a/v7+202W3JyMloFkjnHiCJA84tYT4u5SCfNbFFXCt3U6XSnTp1yu93d3d1GoxGZSrOB5mZ+fj56sa20tHT58uVCe6QPdbASWg8SoQkT/eV5PjMzMysry263WyyW+Pj4U6dO0caAz+dbuXLlnj17hB+I8Dzvdru1Wm1xcbHL5ero6MDPQvDM19raOn36dPQ3arS8vNxoNDK8QKSnp2dnZzscDjRE8ZuyRJuNRmN6enpfX5/Vao2Pjz979qw0kkQYdooOp3nKMFUE45wgvKogxll+KwxJxljy+XwGg8FkMgn1EEcCMWIMs4n9FYSMfY7heb6kpESlUuGXDlERvbtMfI9WqG3//v1FRUVYlahI/A/xer179+7V6/UqlSojIwNdvg0PD5eUlMTFxYWGhup0uuzsbPRUWfjucmVlJTa7p6dnxYoVarU6Pj6+urpa+O6yVDnP84WFhchHkUk+n+/AgQNarVapVKKHrjzz3WVaDHFRFAGaX8R61IT0fXGRTprZwq4UWdvU1JSSkqJUKiMiIgoKCpCpDBukfrW3t6vVanQV6fV6Y2Ji6urqiKEQxUr4vqmwB4nQhGn+3r59OysrKzw8XK/Xl5aWMsYAOj8Kwcrb29vRC9wGg6GiokJkktS7xYsXNzQ0MLzAtm3atEmj0URFRRUWFuK3nIk2u1wuJDxv3rzy8nJiJNnIeR5D85RmKlEb8XsG0foHMc4yW2FIMsZSXV2d9EkJ7WwgjRjbbGl/BSFTeJ6fsHU3juM47ubNmwkJCQ8ePGCLLVq0qK6u7s033yQWJ9ykpKSkwcHBQCifKAIRgYBGFQAAwC/P9Jm/EFFuJVExCAlEBCCqAABMLpOfdznYgI0MghzocSCogDnmmQIbGQQ50ONAsOF/jqFlqBYlAMfCeXl5CoVCJExLfy1KP/7zzz8vWbJk2rRpb7311vXr18fmkjSR+Pz580UPY57BngVEXuwk0xO4FcIz2FVhYntWJi9YjwOAX/zPMcQM1cQE4DRhjpL+Wpp+PCsrq6SkBH3rJ/pU7ZkxUXsWEHmx55h/F5OyowH0OBB0sF87o2Wo7pMkAGcIy8+OrtVq0Uv6Fy9eFKXckI+ctzYZMrRvS8fPc76RwfiZwFhNoKpJbELEi9fjAOAXP/cxU6dO/eijj9CqxZMnT86dO7dixQqO4+bPn3/o0CGZwtOmTXv06NG0adOQ2PDwcGho6N27d2NiYjwez5QpU/BaWX5+fkZGxocfflhUVCTMnstJFk/wZnao/ujRo7Nnz46MjPz222/lz69ffvllbGzsrFmztmzZgpb17t27J7RKWKyqqgoLCzt27NicOXNmzpy5devWR48eIT2//vrr22+/HRYWFh0d/d577/3xxx/E5kwm06pVq3DCXVxct27dsWPHUOW1a9emTp2K1xh37dr18ccfswUWLlzIPlxkxsOHD3ft2jV79uy5c+d+9tlnT58+RTEkuvb48ePt27eHhYXNnz//008/RWl9kfzx48djY2Nnzpy5efNm4R5/X3zxhUgPre8Qt27dWrNmTVhYWGxs7PHjx4U/SVUx7Cfqp5kq6uivv/763XffxRoOHTq0detWdtA4ythjuCMaAAAQDMh95j+qDNVsYZT+mpjWG+Viqa2tbWxsfPXVV2XaJt0FQAgxFTw3oXsW0JLwi6AtlGVmZqKUkRzHXbx4cWRkpLGxERXNZnNGRgZbwGg0sg8XmUHcgIDmGi3JucfjsVqtKHr9/f04QRxjiwEau3fvDg0N7enpMZvNdXV1uJ6miraBAg2iqaKONhqNTU1N+KMuk8m0fv16v0HjSGOP5g4HC2VAcCLzfoeYoZq22sBIZ83I2l1TU5OYmOh0OpcvX442Dezp6aHlZ8Wf2vZJdgEQSUrTW+GjJmTPAloSfv7/9zJgbGTgcDhUKhXSsHTp0oKCgk2bNqEWp0+fPjw8zBbo7+9nHy40iZhUjZF6nbblgTB6zc3NKHo0PYxMByiXFLZHuAsDURXNfkZWPaKpUqtSU1N/+OEHXC/sUPauDcKxR3NHOgAAIEiQO8cgRBmq2Sva0nTW7KzdeKsPh8Oh1WrLyspaW1txMj7GHCOyYQzPY2Tm+qTlJ6cl4RfuZcDYyIDn+aSkpCtXrjidTr1e73a7dTqdz+erqalZv369HAG/h2OIGxDQXJO55YGwL4h6GNEW2SPchYGoima//N6k/VReXp6bm8vz/MmTJ4V7s9IalWpguMNLehwAggQ/3/mPKkM1W5idtfvOnTsDAwNLlizhOC4yMrK2ttZoNKIsSWwL/SJNBX/nzp1x6hRBS8Iv3MuA/UZZRkaG2Wzu7e3NzMycMWNGUlJSU1OTcKWLLeD38LExti0P/qWsX78eDbaLFy/m5uZOuH5YKAOCEz+njJGRkWXLluGPS7q7u+fNmzcG4cHBQaPRWFVVRfv6TKPRhISE/Pnnn6i4Zs2abdu21dfX47efNRrN0NAQXjG32+2y/OM4iwSZB0rxer1///03+lsUitdff33r1q0HDx48e/ZsQ0OD6MCnT59evHgRn2JERe6fRzL4NGQ0GhsaGq5evYonCbaA38MxOp0uNDT0r7/+QsWurq6YmBiaa5GRkSqVamBgIPofhNv/yA8Ro+90Op1Cobh58ya2h62KaP+Yx4aQhQsX6nS6n376qbW1VRQ3WtCk0NyR9jgABAt+73QYGaqlawVEYVr6a9Hh+fn5y5Yts9lsLpertrZWq9VGREQI83gT0/JLbRAl5CcygXsW0JLwI5Cn7I0MEDqdTqfTIXm73T59+nThph1+Bdi/Cp8uSDcgYKReJyY5Zz8bI+qhbanA8/yGDRuMRmNfX5/NZktMTPSririBAk2//I7meb64uDgxMVHafbRGiauyRHeIPQ4AwYD/OYaRoVr6P0YUpqW/ln5eU1hYGBMTo1Qqk5OTz50719vbq1Kp8J4fxLT8xP9znJCf5tQE7llAS8IvbIW9kQFi06ZNGzZswMWUlBSRDFuA8avIWekGBEiAuB0DLd0949kYMYU7bUsFnuedTmdmZqZarY6JiSkvL/eririBAk3/qDoa3ePiovBYObs2MNwh9jgABAOje+YfzIznk724uLjW1lZacdJ59l8j0ujq6sJvUjx70MfCE/jqF3bneetxAHhmTFpu/6ACNjKQicViMRgMk9X65cuX09LShF9NjhPsDvQ4ELTAHANMMp9//nlUVNTatWt7e3uLioqKi4snxYx79+6dPHkyKytrnHqeE3cA4DnhhX0VFfi3sHz58lOnTun1+uzs7D179oiSuDwz8IOfcep5TtwBgOeEid9rGQAAAAAQcB8DAAAABAqYYwAAAIBAAXMMAAAAEChgjgEAAAACBcwxAAAAQKCAOQYAAAAIFDDHAAAAAIEC5hgAAAAgUMAcAwAAAAQKmGMAAACAQAFzDAAAABAoYI4BAAAAAgXMMQAAAECggDkGAAAACBQwxwAAAACB4r/LdG3RYA3EPQAAAABJRU5ErkJggg==)
Mirror: Click here to view the mirror
Coordinated Disclosure Timeline
Vulnerability Reported: |
12 November, 2019 18:27 GMT |
Vulnerability Verified: |
12 November, 2019 18:41 GMT |
Website Operator Notified: |
12 November, 2019 18:41 GMT |
a. Using the ISO 29147 guidelines |
|
— |
— |
b. Using publicly available security contacts |
|
c. Using Open Bug Bounty notification framework |
|
d. Using security contacts provided by the researcher |
|
Public Report Published |
|
[without any technical details]: |
12 November, 2019 18:41 GMT |