
skillxcellence.com Improper Access Control vulnerability OBB-1155320

Description

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[skillxcellence.com](<http://skillxcellence.com>)**
---|---
Open Bug Bounty Program:| **Create your bounty program now**. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| **[IAC (Improper Access Control)](<https://www.owasp.org/index.php/Broken_Access_Control>)** / CWE-284
CVSSv3 Score:| 6.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **geeknik**
Remediation Guide:| **[OWASP Access Control Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Access_Control_Cheat_Sheet.md>)**
Vulnerable URL:| (image)

**Mirror:** [Click here to view the mirror](<http://1155320.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 3 May, 2020 20:21 GMT
---|---
Vulnerability Verified:| 4 May, 2020 08:19 GMT
Website Operator Notified:| 4 May, 2020 08:19 GMT
a. Using the ISO 29147 guidelines| ![done](/images/done.png)
b. Using publicly available security contacts| ![done](/images/done.png)
c. Using Open Bug Bounty notification framework| ![done](/images/done.png)
d. Using security contacts provided by the researcher| ![done](/images/done.png)
Public Report Published [without any technical details]:| 4 May, 2020 08:19 GMT