
cdn.mercosat.org Open Redirect vulnerability

Description

Open Bug Bounty ID: OBB-1174884

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[cdn.mercosat.org](<https://cdn.mercosat.org>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[Open Redirect](<https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet>)** / CWE-601
CVSSv3 Score:| 3.4 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **myNickName**
Remediation Guide:| **[OWASP Open Redirect Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.md>)**
Vulnerable URL:| [image]

**Mirror:** [Click here to view the mirror](<http://1174884.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 28 May, 2020 03:16 GMT
---|---
Vulnerability Verified:| 28 May, 2020 03:31 GMT
Website Operator Notified:| 28 May, 2020 03:31 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 28 May, 2020 03:31 GMT