Open Bug Bounty ID: OBB-1091618
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: shorelineframing.com
Vulnerable Application: Custom Code
Vulnerability Type: IAC (Improper Access Control) / CWE-284
CVSSv3 Score: 6.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: geeknik
Remediation Guide: OWASP Access Control Cheat Sheet
Vulnerable URL:
Coordinated Disclosure Timeline
Vulnerability Reported: 14 February, 2020 19:11 GMT
Vulnerability Verified: 17 February, 2020 07:16 GMT
Website Operator Notified: 17 February, 2020 07:16 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 17 February, 2020 07:16 GMT
Vulnerability Fixed: 8 May, 2020 19:50 GMT