
teamgaza.nl Improper Access Control vulnerability OBB-1268112

Description

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;

b. notified the website operator about its existence.

Affected Website:| **[teamgaza.nl](<https://www.teamgaza.nl>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[IAC (Improper Access Control)](<https://www.owasp.org/index.php/Broken_Access_Control>)** / CWE-284
CVSSv3 Score:| 6.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **Badalsardhara2**
Remediation Guide:| **[OWASP Access Control Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Access_Control_Cheat_Sheet.md>)**

**Mirror:** [Click here to view the mirror](<http://1268112.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 21 August, 2020 09:15 GMT
---|---
Vulnerability Verified:| 25 August, 2020 07:24 GMT
Website Operator Notified:| 25 August, 2020 07:24 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 25 August, 2020 07:24 GMT
Vulnerability Fixed:| 25 August, 2020 07:36 GMT