Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: c8887.shared.hc.ru
Vulnerable Application: Custom Code
Vulnerability Type: IAC (Improper Access Control) / CWE-284
CVSSv3 Score: 6.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: Badalsardhara2
Remediation Guide: OWASP Access Control Cheat Sheet
Coordinated Disclosure Timeline
Vulnerability Reported: 2 July, 2020 12:28 GMT
Vulnerability Verified: 3 July, 2020 08:15 GMT
Website Operator Notified: 3 July, 2020 08:15 GMT
a. Using the ISO 29147 guidelines: done
b. Using publicly available security contacts: done
c. Using Open Bug Bounty notification framework: done
d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 3 July, 2020 08:15 GMT
Vulnerability Fixed: 3 July, 2020 08:22 GMT