Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: ikooba.com
Vulnerable Application: Custom Code
Vulnerability Type: IAC (Improper Access Control) / CWE-284
CVSSv3 Score: 6.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: Badalsardhara2
Remediation Guide: OWASP Access Control Cheat Sheet
Coordinated Disclosure Timeline
Vulnerability Reported: 23 June, 2020 09:05 GMT
Vulnerability Verified: 24 June, 2020 17:25 GMT
Website Operator Notified: 24 June, 2020 17:25 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 24 June, 2020 17:25 GMT
Vulnerability Fixed: 24 June, 2020 17:50 GMT