
ltwhcm.cn Open Redirect vulnerability

Description

Open Bug Bounty ID: OBB-1175024

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;

b. notified the website operator about its existence.

Affected Website:| **[ltwhcm.cn](<http://ltwhcm.cn>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[Open Redirect](<https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet>)** / CWE-601
CVSSv3 Score:| 3.4 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **myNickName**
Remediation Guide:| **[OWASP Open Redirect Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.md>)**

Vulnerable URL: [image]

**Mirror:** [Click here to view the mirror](<http://1175024.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 28 May, 2020 04:18 GMT
---|---
Vulnerability Verified:| 28 May, 2020 04:32 GMT
Website Operator Notified:| 28 May, 2020 04:32 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 28 May, 2020 04:32 GMT
Vulnerability Fixed:| 30 June, 2020 16:45 GMT