
sofun.com.tw Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1157478

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[sofun.com.tw](<https://www.sofun.com.tw>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **DkilerS2**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**
Vulnerable URL:| [image in original report]
HTTP POST data:| [image in original report]

**Screenshot:** ![sofun.com.tw vulnerability](/twimages/screen-1157478.jpg)

**Mirror:** [Click here to view the mirror](<http://1157478.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 7 May, 2020 22:03 GMT
---|---
Vulnerability Verified:| 7 May, 2020 22:11 GMT
Website Operator Notified:| 7 May, 2020 22:11 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 7 May, 2020 22:11 GMT