
skintdad.co.uk Improper Access Control vulnerability OBB-1320111

Description

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](https://www.iso.org/standard/45170.html)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| | |
|---|---|
| Affected Website: | **[skintdad.co.uk](https://skintdad.co.uk)** |
| Open Bug Bounty Program: | **Create your bounty program now**. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[IAC (Improper Access Control)](https://www.owasp.org/index.php/Broken_Access_Control)** / CWE-284 |
| CVSSv3 Score: | 6.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](https://www.iso.org/standard/45170.html)** guidelines |
| Discovered and Reported by: | **VighneshGupta** |
| Remediation Guide: | **[OWASP Access Control Cheat Sheet](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Access_Control_Cheat_Sheet.md)** |
| Export Vulnerability Data: | Bugzilla Vulnerability Data, JIRA Vulnerability Data [ Configuration ], Mantis Vulnerability Data, Splunk Vulnerability Data, XML Vulnerability Data [ XSD ] |
| Vulnerable URL: | (provided only as an image on the original page; not reproduced here) |
| Researcher's Comment: | (provided only as an image on the original page; not reproduced here) |
| **Mirror:** | [Click here to view the mirror](http://1320111.openbounty.org/mirror/) |

### Coordinated Disclosure Timeline

| | |
|---|---|
| Vulnerability Reported: | 10 September, 2020 08:21 GMT |
| Vulnerability Verified: | 15 September, 2020 11:09 GMT |
| Website Operator Notified: | 15 September, 2020 11:09 GMT |
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |
| Public Report Published [without any technical details]: | 15 September, 2020 11:09 GMT |
| Vulnerability Fixed: | 16 September, 2020 14:58 GMT |