Open Bug Bounty ID: OBB-1168009
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: tunneltalk.com
Vulnerable Application: Custom Code
Vulnerability Type: Open Redirect / CWE-601
CVSSv3 Score: 3.4 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: hacker22385
Remediation Guide: OWASP Open Redirect Cheat Sheet
Vulnerable URL: [rendered as an image on the original page]
Coordinated Disclosure Timeline
Vulnerability Reported: 21 May, 2020 20:59 GMT
Vulnerability Verified: 21 May, 2020 21:09 GMT
Website Operator Notified: 21 May, 2020 21:09 GMT
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher
Public Report Published [without any technical details]: 21 May, 2020 21:09 GMT