hometrade.com Improper Access Control vulnerability

2020-05-0613:23:00

singhnitesh21

www.openbugbounty.org

JSON

Open Bug Bounty ID: OBB-1156842

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:

&nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence;
&nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence.

Affected Website:	hometrade.com
Open Bug Bounty Program:	Create your bounty program now. It’s open and free.
Vulnerable Application:	Custom Code
Vulnerability Type:	IAC (Improper Access Control) / CWE-284
CVSSv3 Score:	6.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N]
Disclosure Standard:	Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by:	singhnitesh21
Remediation Guide:	OWASP Access Control Cheat Sheet
Export Vulnerability Data:	Bugzilla Vulnerability Data
JIRA Vulnerability Data [ Configuration ]
Mantis Vulnerability Data
Splunk Vulnerability Data
XML Vulnerability Data [ XSD ]

Vulnerable URL:

![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAAjCAIAAADNIk3yAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAHp0lEQVR4nO3cXUhTbxwH8MeZMfXM1823Zm0V6UXUjVhBREGYSIRdiBFWRGEgFkNMbFCtggzNoIjyJjAvvOxiREgIgckIG3P5li+Rr5vD5nI17Shz+18cOhzOOZtz8+j+8f1cnd/xefs9z/CHO6di/H4/AQAAkIBsqxcAAAD/LNQYAACQCmoMAABIBTUGAACkghoDAABSQY0BAACpREWN0Wq1X758CRRCGLCHABANtr7G9Pf3+3y+gwcPioYQBuwhAESJNWrM5OSkQqEQ/ZHb7W5oaAgUhs5oNJ45c4YXBplXImGvnzU5OZmamrpR64kEb0vDsPn7v/kzAsAmCP/vmIWFhYcPHwYKQydaY8JeVdjCXn8U2qo9BADg2eLvymZnZ0dHR48fPy4aQhiwhwAQPUKqMU+fPtVqtenp6RcuXHC73YQQt9ut0Wg8Hk9MTMzr16+54ZMnTxQKRVNTU2ZmZmpq6qVLl/78+RNoZKPRWFRUFBcXJxoK5yWELC4uXrt2TaVS5ebm3rt3b3V1lfz9pqW5uVmr1SYmJpaXl8/Pz9+8eVOlUqWnp1++fHlxcZHpvry8fOXKFYVCsWvXrrt37zLdhetvaGhQqVTZ2dmvXr1iOn7+/PnIkSPx8fEqlaqsrMxmsxFCbDbbqVOnFApFXl5ee3s7m5foLDyrq6u3bt3KzMxMTEwsKyubn5+PPDvuHo6PjycmJvb29hJC5ufnU1NTP3z4sK6hGEwX7oYwd0SPWDQp4WiBPh7CEw/eHgCi3No1xuPxWK1Wk8nU09Njt9vr6+sJIcnJycPDwxRF0TRdUVHBDc+ePevxeHp6esxms9lstlgsjY2NgQYP8kWZ6LyEkBs3btjtdovF0tHRYTQaX7x4wW3f3d1ttVrtdnt+fr7T6ezr6/v06dPExIRer2ea3b9/f2lpqa+vr6Ojo6urq6WlhZcOs/7h4eGBgYHW1tajR48yHS0WS2VlpcPhGBgYUKvV1dXVhJDq6uqkpKShoaF3795xa4zoLDyNjY2dnZ2dnZ2jo6M5OTlDQ0ORZ8fdQ61Wq9frdTodIeTOnTslJSUnTpxY11DczwBvQwIdsWhSwtFE+wY68dA/TgAQdfxBTUxMEEJ+/frFhCaTaffu3eyPKIritmRCpsvU1BRz/82bNwUFBcz11NSURqNhu3g8HoqiXC6XMAw0r9frpSjq+/fvzH2j0Xj48GG2/cLCAnO/u7tbJpMtLS2x3ffu3ctcK5VKj8fDXFut1sLCQtH1s6sS9e3bt6ysLK/XK5fLuZmmpKQEn4UrIyPDYrFw70SeHW9LV1ZW8vPzDQaDUql0OByhD8U9XOGGBDliYVI8gfoGOvEgcwFA9Nu2ZhGiKIp94ScnJ8flcq3ZRS6X5+bmMtf5+flTU1Nsd5PJxDZ7//59YWEh+y4WLxSdd25ubmVlRavVsoMzv4OY9snJycy1Wq1OSkqKj49nuzudTkLIz58/nU6nRqNh7vt8vm3bRHaAoijhG2K9vb11dXVDQ0MrKys+n8/n883NzRFCuJkyF6HM4na7XS7XgQMHuDcjzE64h3Fxcc+fPz958uSzZ88yMzPXNVTwDRE9YtGkhAJ9PAJ90gK1B4Dot3aN2UCxsbHZ2dlsuPlvlNE0LZPJzGYz+0tfJgv1rYfS0tKrV6+2tLTI5fKZmZni4uLIZ4mNjV3P8tcm3EOHwyGTyRwOx8ZOFMSGJwUA/1+SvFdG0/T09DRzPTo6unPnTmGb1dXVt2/fsr8QeWEgGRkZ27dvHx8fZ8Lh4WH2z4VQZGdnJyQkuFyuHX9xa14QP378sNvtt2/f3rNnz44dO+RyObMYQgg309BnSU5OTktL4/1T/AizE+6h2+2ura1tb29vaWn5+vVr6EOtSfSIRZMKse8GtgeA6BF+jVEqlTRNj42NiYY1NTU2m21wcNBgMJw+fZrttby8zFyYTKasrCz2eyFeGEhsbOy5c+d0Ot309DQz+Pnz59e17IqKiqqqqsHBwdnZ2aampgcPHoiun0elUqWlpb18+dLtdo+NjRkMBmYxxcXF3EzXnIVNnxCi0+kqKyv7+/ttNtv169c/fvwYYXbCPdTr9ceOHSsvL6+pqamqqgp9qLS0NJqmR0ZGRN+IY4gesTApYeKB+gax3vYAEC2CP64RPthnH2v7/X6DwZCQkNDa2soNm5ubKYp69OhRRkZGSkrKxYsX2UfK3NFqa2v1ej07FC8MMq/H46msrFQqlWq12mAweL3eNdfJDWma1ul0arU6ISGhpKSEfcDOW79wK7q6ugoKCuRyeVZWVk1NDTPgzMxMUVERRVH79u17/Phx8Fl4i/R6vXV1dUqlUi6Xl5aWOp3OCLPj7aHZbKYoinlaTtO0RqNpa2sLfaPq6+uZw+V1YdcjesSiSfHeIBDtG2hhQeYCgOgX4/f7N7ZoTU5O7t+///fv38Gb5eXltbW1HTp0SDSEMGzaHoZ4xBvSN5K5AGDLbeozf66RkZEgIYQBewgA0Wbr/99lAAD4V6HGAACAVDb+eQwAAAADf8cAAIBUUGMAAEAqqDEAACAV1BgAAJAKagwAAEgFNQYAAKSCGgMAAFJBjQEAAKmgxgAAgFRQYwAAQCr/ARMMiJ+TMR6gAAAAAElFTkSuQmCC)

Research’s Comment:

![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAABLCAIAAAAphcDFAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAXxElEQVR4nO2dfUwUxxvHV7zCcRwgcBxvJwI2JzW0UqVEG9taQyySi6WtLwSptpVSQyilRI0S21JLrVVqWkotf1CjjbFN0xpDjCENoYYaYpHiiYiIFgGP84qAYE88D7j9/THpZH+7M3N7cIsvfT5/3S6zzzzzzMw93M7ud2bwPM8BAAAAgAL43G8HAAAAgEcWyDEAAACAUkCOAQAAAJQCcgwAAACgFJBjAAAAAKWAHAMAAAAoBeQYAAAAQCkgxwAAAABK4T7H9PT0zBAwe/bsHTt2jI2Nsa96//33/f39Dx8+7CU/AQAAgIePGW7f8+/p6UlKShoYGOA4zuVyXb16NS8vLy0t7ZNPPqFdMjg4qNfrW1pakpKSZs6c6WWXAQAAgIcEuffK/Pz8/Pz8/P39n3zyyfLy8p9//plR2G63azSaBQsWQIIBAAD4LzOZ9Ri1Wu1wODiOu3fv3qZNmwIDA+fMmfPRRx9NTExwHDc4OBgXF2e322fMmHH48GFimZ6ensDAwM8++yw8PDwqKuq7776jWUMlv/jii/j4+JCQkPXr14+MjCA3JiYmduzYERERERAQsGbNmsHBQZoRAAAA4L7gcY4ZGRkpLS3NyMjgOG7Xrl2jo6Otra21tbUNDQ1VVVUcx4WFhXV0dGi1WofDkZOTQyzDcZzdbu/o6Ghrazt06NDSpUtp1lDJ1tbWxsbGpqam3t7ekpISdH7v3r11dXV1dXWdnZ3R0dHt7e0MIwAAAMB9gHdHd3c3x3G6f/H19c3Ozrbb7TzP63Q69IHnebPZnJqaii/RarXoM7EMsjk0NCSsiFHy9u3b6Pzp06cTEhLQZ7TkI/KW5lJvb29cXJzbxgIAAABeRCUnD2k0GrPZzHFcXV3d9u3bq6ur/f39b926NTAwEBcXh8q4XC6VSmyNUUar1YaEhMgsGRgYiD4bDIahoSGO40ZGRoaGhp566imZ1UVHRzc2NsppLAAAAOAtZOUYHx+fmJgYjuM2btxYXl5eXV397rvvOhwOHx+f5uZm/D3u4yO+8yanjKclhYieKWAYmTlzZlRUlJzGAgAAAN5CVo4RsnPnzi1btuTl5UVFRWk0mqGhoaeffppWWE4ZT0sigoODQ0NDz58/v2DBgkkbAQAAABTF4zX/devWBQUFHTp0iOO4nJyc/Pz8ixcv3rhxY9++fcQ3ZuSU8bQkoqioKC8v78KFC319fe++++7vv//ONnLv3j1PGwsAAABMCbcrNsIFfMSRI0fi4uKcTqfD4SgqKjIYDBqNJiMjo6urS3oJsYzUpsyS3d3ds2bNQp/Hx8e3bdum0+nUanVmZubAwADNCK1GAAAAQFHcv+cPAAAAAJMDNDEBAAAApXhwc0x8fPz58+dphwAERCEgsADgRR7QHHPhwgWXy4WfGRMdAhAQhYDAAoB3cZNjkFwY8U8jIyOfffYZ7XCK1NTUrFq1inboFXp6etBLoIw2PrDggNy8eXPNmjUhISFo54WoqKj33ntP+AQd7pepNJN2rfC8HPvyfbhfnaLESMPgIfdQc7+65mGcpwA3ld8xw8PDu3fvph1OkWnIMZg5c+agnQseInBA8vLynE6n2Wx2OBwOh+PUqVNtbW179uzBJb3bLyKUC9396hRFRxoA/Ad5EO+V3bhxo7Ozc9myZcRDJfDz81POuNfBARkbGztx4kR1dfWcOXPQ5gvz5s3bvXv3sWPHps0Z5UI3/Z0yDSMNAP5ryMoxX331VXx8fFhY2Ouvv46k9UdGRoQC/sLD/fv3BwYG7tu3LyIiIiQkZOPGjXfv3kV2zp49+9xzzwUGBsbExLz22muXLl0iVldTU7NixYrHHntMdCjU+Q8ICFi3bt3g4ODWrVvDw8PDwsLefPPNO3fuoEtoCv99fX0vvfRSYGDgvHnzjh49ik4ybviI7qfJqVoIcfeBO3fuvPPOO+Hh4bNnz/7444+lWxi4tY8DYrPZfH19w8PDOY77448/5s6dGxIScvLkSYvFgkoK++WXX34hdiU7YkI+//xzUZ8ybl+cPXt2yZIl/v7+4eHha9as6evrIxYThl2414PQ8oz/h+O4V155Zd++feiv58+f9/Pzw2155513tm7dSnSAsU+EKLBu7TM6UbRjBWPISeeI/D0vOMpskjnFrl27FhAQcO7cOY7jBgcHQ0JCfvvtt0kMclrHEac/cTrQBgPRAkcawOzyUrw+K+XHzW0txGH5sOM+x9jtdrPZjKT1rVbr9u3bOY4LDg4WCvgLD1955RW73d7U1NTc3Nzc3NzS0rJ3715kymQyvfHGG729vadPn166dKlarSbWyLhRhpw5ffq02Wy2Wq2JiYkDAwOtra1nzpzp7u7Gsv80hf+CgoKgoKD29vaTJ0/iCS8TmVULIe4+UFhYaLVaW1paamtra2pqDhw44Kl9HBCXy4UF2QoKCtauXdvZ2dnS0uJyudBJab9Iu5IdMWHzm/9F2Kc0Wlpa8vLybDZbW1ubwWAoKChwG17RXg8Yx79s27YtKyuL4ziTyVRXV4f+euLECZfLVVtbiw7r6urQxhNEB2j7RIgC69Y+oxNFraANOdockb/nBXE2yZxi8fHxJSUlRUVFHMd9+OGHGRkZL774IjepQS51mNY04nSgDQZacIgDmFaeiBKzUmYxRi2MYfnQw35FUySt39jYiKX1pW/go0N0SW9vLzp/7NixlJQUnueHhoZUKpXD4ZDWIhTet9vtWq0Wy/4LD5Hl4eFh9KfTp0/7+PiMjo5i3x5//HH0majwPz4+rlarhY4hyQBhQ2iyAvKrFiLdfWB8fFyr1WL1gZqamsWLF3tkXxQQ5O3o6KiPjw9SOqivr8dSCNJ+IXYlLWJCI8Q+ZYROyNWrVyMjIxllpHs9SEu2tbXFxsaiNlqtVo1Gg8ZSampqcXFxdnY2uiooKMjpdBIdYOwTIQos277D4WB0orAVjCFHiycnb88L4mxiTDEpTqczMTGxtLRUp9PZbDZe9iAUdbq044hN4ymbcUhhB0c6gBk1EvH6rJRZjF0LbVg+ArjXxBRK60dHRyNpfTZqtXr27Nnoc2JiYm9vL8dxISEhq1evXrx48fLly6Ojo1NSUl544QVsFgvv//rrr6mpqfjxG9GhVqsNDg5Gnw0GQ1BQkL+/PzaCVolpCv/9/f0cxwkdc9sQURzcVi2EuPtAf3+/0+mMj4/HPqARJt++KCCIoaEhX1/fsLAwdC2jCcSulLNNA7FPGZw7d27btm3t7e1Op9PlcuGfVgzf2M9c5eXlVVRUoDZGRUUZjcbGxsb58+dbrdYPP/zQaDROTEzU1dWlpaWhu6xEB4j7RCCEgWXbHxoaYnSisBWMIUeLp8w9L4iziTbF0N1UxM2bN9GHxx57rLKyMi0traKiIiIiAtfu0SCXOkxrGnE6IKTuMYJDHMC08lLLCs1KOcXYtRCHJbHjHjo81l2eCj/88MOff/7Z1tZmtVqLi4ufffbZr7/+mvt/4f2pP1E2uW0CFEK0+8DUIQZEeNPM7be5FCUilpmZmZubW1VVpVarLRZLenr6VKx98803CQkJL7/8Mj6TkZFRV1fX1dVlMpmCg4OTk5MbGhrwjbJJOCAKrFv70wOja4iziXgSbf4kxWaz+fj42Gy2aWoMZTrQ3Js6NMten5UKoVxkphNFvnwdDsf169fR587OztjYWPynRYsWbdy4cceOHQcPHjx+/LjowomJiRMnTuCpLjqUCVb4j/kXlMD0ej3HcULHpNeGhoaOjo7+888/6BAvnk8CvPuA8KRer/f19b127Ro67OjowP+iykEUEB8fH5RRQkNDHQ7HrVu3OI5z+wtDCi1iQhh9KuXmzZtWq/WDDz6YO3duTEwMbVVAJn19fZWVlRUVFcKTaMkEJ4bMzMzjx4+fOnUK5QBPHZCONIZ9+Z3IGHIy48nuGuJskp6MEYCvHRkZ2bJly9GjR6uqqmiPBkwOYtOI0wEhdc+jwcYoL7WsxKyUySRqIXbcQ8fkc4xOp3M4HFeuXCEeFhcX9/X1Xbx4sbS01GQycRx36dKllStX/vbbb4ODg9evX6+srExOTsbW0GuDjY2NkZGR+Oek6FA+RIX/mTNnpqenCx2TXhgYGJiSklJcXPz3339fuXJFuCouE+H7j9LdB2bOnJmVlVVUVHT9+nXkQ3Z2tnzjooDodDqn03nu3LmAgIClS5fu2bPnxo0blZWVwktE/UKDGDHRbgjSPhWC8tzly5cnJibCw8NDQ0O//fbbkZGRK1eu4FALy0jt0ygsLCwrK9NoNPfu3cOXLFmypLu7+8yZM8uXL+c4btWqVYcOHYqMjERfwTQHaEhHGsO+/E5kDzl2PDHEriHOJvYUE1FSUvL888+vW7euuLg4Pz+fHR8hok4kQmwacTMOjyx4pbzXZ6VMpqeWBxH2cg1DWp/n+dLSUo1Gc+jQIeHhF198odVq9+zZo9frZ82atWHDBrT85XQ6S0tLjUajr6+vXq/PyclBK43CWrZs2VJSUoLtiw7ZzggPaQr/FotlxYoVWq3WaDSWl5dL1/x5nr969ery5cu1Wu38+fMrKiqIZWhVi4oRdx+w2+15eXk6nc5gMJSWlo6Pj8u3LwoIz/PFxcWbN2/meb69vf2pp56aNWtWSUmJ8FpRv9CqkEZMup6/d+9eUZ+K3N6+fTseDw0NDSkpKWq1OjIysri4GNeFy7CfFxCeoY3Y7Ozs1atX48OUlBRhcKQOMIIsDSzbvpxORDCGnHSOyN/zgjibGFNMRHNzs1arRevkDocjLi7u+++/lz+/iJ2IixGbxlOmgxSZwRFNOmKNRLw+K+XHbRK1PAK43z/GU6ayU4vRaDxz5gztECAGBI1UYCpM80h7hHczmnrTPLXwCAfz0WBa1/zdcvnyZcYhQAzIw7KA+SADIw0AFOJB1JIBAAAAHg0gxwAAAABK4c0cg4R35syZg5/99TqeisyLyntxA4LpURr37o4J8pmEUL9bV4UF7qM+PH5h8Nq1ay+//HJISEhERMTbb79NFIkSlr98+fLKlSuDg4MjIiI2bdrEFpViGw8NDdVqtfgG3eDg4Ouvvx4eHh4TE7Njx46xsTHGeUboiB7evHlz/fr1YWFhMTEx77//vsxn+SbN1Ke/pxYU/cIBps4j8juGJgUvOq+o0L0SPMgOexrbB60tJpMpMTGxo6PjzJkzAwMDbp/fzcjIMBgMHR0dLS0tDodj8+bNkzZeUVGRk5Mzb948dLhhwwaXy2U2m+vr60+dOrVr1y72eY883LBhg1qtbmtra2hoaG1t3blzJ9sIAHgZLz4/MA0PeMipglHGix5Oz9Ms9+uZmUnU6/YSmeJmioIfDO3v71epVPi82Ww2GAyM8g6H48svv8SiUq2trcTyCLbx27dvJyUlYVN2u93Hx0eodmU0GhnnaaEjemi329VqNZY7a2pqIgrrAYByuPkds27duk8//RQfLlmyBEn34zO0rf0YgtVErXKiqjlNH16+yLzwvGg/Ao8k02kQpfKJCt5y5OhFiBymWSYibR1Dzl2OLrq0akZs5bSFFj3G8PB0bwUEUV0/PDzcaDR+8803HMfdvXu3qqoKiz0Ty/v5+b333nuovWNjY0eOHEHvZnIkrXiGcY7jKisrt2zZgkM3MDCg0WiEaldI5Yx2HiGdAkQPAwIC7t69GxAQgK5yOp2+vr60QAGAIrBT0M8//4xFTK1Wq1qtvnDhAu2NIakg64YNG6xWa2dn59KlS/Pz89GfSkpKsrKyurq62tvbly1bVllZKSxvs9lqa2s7Ojp4nq+qqjp48ODw8LDNZisqKsrMzETFVq9e3dvbe/Xq1aSkpNLSUmnVtP+XsdD9+Pg40Q2e5/V6fXV19dDQUFdX1/79+/H7myKQJ2+88YbVakWvbaJ3IXmef+utt0wmU29vb1tb28KFCysqKnier66uXrFiBSpQVlamUql+/PFHdJiQkFBfX0+sRegwzTIRYuvKysqef/55nufz8/OxkLDbeNIaxYit27YwoscYHjk5ORaLBQ0nnU6HLke7ihUWFtJCkZmZKWwgHq5dXV1BQUFqtVqlUiUmJuJ/9mnlEceOHVOpVMuWLcPyxrt3705JSWltbbVYLIWFhQ0NDQzjdrtdp9MlJCRER0eXlJSgUDBeLSSeJ3YZw0NMenr6nj17aIECACVwk2NGR0eDgoLQ+8AHDhxYtWoV461UaY4hClYTtcqJquZChPLs8kXmpd7iQ/mS6URoSuM0BW9P5eilDtMsEyG2jibnzo4nrWpGbN22hRY9mucy5dOl0NT1eZ4vLCxcuHBhU1PTr7/+ajAYqqur2eURo6OjDQ0NSUlJVVVV6AxRsp5onOf58vJy9G45Sg/SVC0zxzCk7KUeIkpLS9PS0uCNXWCacb8ek5WVhf5fTktLO3LkiPwcQyyGZKt1/xIaGqrX66XlES0tLWlpadHR0agkkgNRq9W4QHt7u/RyOTmG5gZqb3JycnFxcXl5+alTp/C1OgGMBlqtVl9fX3y+s7MTbZ3C83xycnJ9fb3NZjMYDMPDw3q9fnx8vLq6+tVXX5Xal/pPsyy9kNE6tPUW/gEkJ560qtk5RuqVF4cHQ65DVC/68S1sICrpdDo1Gk1rays6f/ToUfRNTSsv4uTJkwsXLuR5fnh4WKVSib64acZ5njcajTg91NTUpKSkTCLHELuM5iHi+PHjCQkJNPkWAFAO9+/5r127trKyMicnp6mp6dixY3L2j2HgkYy8d/XhZbpB24Bg6jrbbLn4SduXXsho3bTJuU+uOVPfZUBmvWgPmCeffBIdJicnszW2x8bGzGbzM888gw4TEhKsViv+q0hqgWb81q1bXV1deKcTo9EoNDJFGB5evHhx8+bNtbW1aPcdAJhO3OeYjIyM3Nzc77//Pi0tDa0oIvV79NlT9XusVf7000+zS2J5dnSIH5NFOt5oosrR/Z6EG4sWLVq0aBHHcRkZGSaTCeUYmfLaWMEbifgKFbxNJlNRUVFkZCR6qBTLxe/fv1+OfZpl6YW01mE59/z8/JycnCeeeIKTF09Go2hMTo1c/vCQWS9W18cNROcjIiJUKtVff/01d+5cTtAiWnmXy/Xss8/29/ejJ1ykkvULFizAldKMazQal8slDGNsbKxOpxsdHR0ZGUHL+xaLBflAO89Ruozm4a1btzIzM/fv3y/0EACmDzk/drKzs4OCgn766Sd0mJqampuba7PZ0Oorvplw+/ZtlUrV0dHBWMnkeX7z5s2LFy9GPxT27t27a9cunnKvTK/XHzhwYHh4uLOzMzMzE90r4zhu9erVFoulra0tOTlZukbNcMNut6tUqs7OTpob7e3t6enp9fX1AwMDvb29ubm5JpOJGBNGA3Nzc1etWkVcmdfr9Xq9Hq3KWCyWoKCg5ORkRuSFDrMtiyC2Lj8/f+3atTzPl5WVLVu2jBcsIIviKYwhrWpGbN22ZYrDg3GvTApaw8cNxCULCgqWL1/e1dXV0tJiNBqxfDitvMlkysrKslgsZrN5/vz5Bw4cQOd3796dmpqK1vwLCgrQmj/DeHp6end3d2tr6/z58w8ePMjzfHp6ek5ODn46ZufOnagw8Tyty4gejo+Pp6WlFRYWOgTQAgUASiArxxw/flyr1eIlVqL6PYIm+i38FiBqlRNzDE2eXb7IvNQs3o9AvmQ6MSaMBhIVvBFsOXoiwg0UGJZFSFvHkHMn6qILhfqJVTNi67YtUxweHuUYoro+qqigoECv18fGxpaXl7st39/fn5WVNWvWLIPBUFZWhssTteJpxgcGBrKzs0NDQ2NjY/EjXv39/ehkdHT09u3b8QMgxPO0KUD0sPvf3Xwxj5huPPDgM4OX7M8B/Hfo6elJSkoCKQ4AABTiEdGSAQAAAB5AIMcAAAAASgE5BgAAAFAKWI8BAAAAlAJ+xwAAAABKATkGAAAAUArIMQAAAIBSQI4BAAAAlAJyDAAAAKAUkGMAAAAApYAcAwAAACgF5BgAAABAKSDHAAAAAEoBOQYAAABQCsgxAAAAgFJAjgEAAACUAnIMAAAAoBSQYwAAAAClgBwDAAAAKAXkGAAAAEApIMcAAAAASgE5BgAAAFAKyDEAAACAUkCOAQAAAJTif1iiaXk4ZpNfAAAAAElFTkSuQmCC)

Mirror: Click here to view the mirror

Coordinated Disclosure Timeline

Vulnerability Reported:	6 May, 2020 13:23 GMT
Vulnerability Verified:	7 May, 2020 09:23 GMT
Website Operator Notified:	7 May, 2020 09:23 GMT
a. Using the ISO 29147 guidelines
—	—
b. Using publicly available security contacts
c. Using Open Bug Bounty notification framework
d. Using security contacts provided by the researcher
Public Report Published
[without any technical details]:	7 May, 2020 09:23 GMT
Vulnerability Fixed:	8 May, 2020 12:51 GMT
—	—

JSON