webhostingtalk.com Improper Access Control vulnerability

Description

Open Bug Bounty ID: OBB-1169014

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[webhostingtalk.com](<https://www.webhostingtalk.com>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[IAC (Improper Access Control)](<https://www.owasp.org/index.php/Broken_Access_Control>)** / CWE-284
CVSSv3 Score:| 6.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **singhnitesh21**
Remediation Guide:| **[OWASP Access Control Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Access_Control_Cheat_Sheet.md>)**

Vulnerable URL: [image]

Researcher's Comment: [image]

**Mirror:** [Click here to view the mirror](<http://1169014.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 22 May, 2020 17:16 GMT
---|---
Vulnerability Verified:| 25 May, 2020 08:26 GMT
Website Operator Notified:| 25 May, 2020 08:26 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 25 May, 2020 08:26 GMT
Vulnerability Fixed:| 25 May, 2020 08:50 GMT