Open Bug Bounty ID: OBB-1145888
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: carolinaorchards.org
Vulnerable Application: Custom Code
Vulnerability Type: Open Redirect / CWE-601
CVSSv3 Score: 3.4 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: myNickName
Remediation Guide: OWASP Open Redirect Cheat Sheet
Vulnerable URL:
Coordinated Disclosure Timeline
Vulnerability Reported: 18 April, 2020 06:35 GMT
Vulnerability Verified: 18 April, 2020 06:46 GMT
Website Operator Notified: 18 April, 2020 06:46 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 18 April, 2020 06:46 GMT