cs.money Improper Access Control vulnerability

2017-04-04T09:04:00
ID OBB:223026
Type openbugbounty
Reporter Spam404
Modified 2017-04-26T16:56:00

Description

Vulnerable URL:
https://cs.money/after_auth?steamid=http://steamcommunity.com/openid/id/76561198124194908
Details:

Description| Value
---|---
Patched:| Yes, at 21.04.2017
Latest check for patch:| 21.04.2017 19:26 GMT
Vulnerability type:| Improper Access Control
Vulnerability status:| Publicly disclosed
Alexa Rank| 9304
VIP website status:| Yes

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 4 April, 2017 09:04 GMT
Vulnerability existence verified and confirmed| 4 April, 2017 09:44 GMT
Generic security notifications sent to website owner| 4 April, 2017 09:44 GMT
Customized security notification sent to website owner| 4 April, 2017 09:44 GMT
Vulnerability patched by the website owner| 24 April, 2017 05:05 GMT
Vulnerability details disclosed by researcher| 26 April, 2017 16:56 GMT