www.openbugbounty.org (172.64.136.29)  Public Scan

URL: https://www.openbugbounty.org/reports/2161523/
Submission: On October 13 via api from GB — Scanned from DE

Form analysis 3 forms found in the DOM

POST

<form action="" method="post" style="float: right; float: right;" id="delform"></form>

Name: frmfixrequest

POST

<form name="frmfixrequest" class="frmincident" action="" method="post">
  <table class="fixreqtbl">
    <tbody>
      <tr>
        <td colspan="2">
          <table class="addform fixreqtbl2" width="100%" cellspacing="0" cellpadding="0">
            <tbody>
              <tr>
                <td align="center">
                  <p>This feature enables you to send additional notifications to the website owners or admins after the vulnerability is submitted. The total number of additional notification is limited to 10, and to 1 in 24 hours.</p>
                  <p>Notify specific security contact: </p>
                  <input name="email" id="email" value="" class="ui-input" type="text">
                  <br>
                  <p>To my best knowledge this email belongs to the website owner/admin <input id="agree" name="agree" value="1" type="checkbox" onchange="check_agree();"></p>
                  <br>
                  <input name="newalert" value="1" type="hidden">
                  <div class="g-recaptcha" data-sitekey="6Lf2gUEUAAAAAKIYnNwmCC3SvVworvlXbJpdTGfH">
                    <div style="width: 304px; height: 78px;">
                      <div><iframe title="reCAPTCHA"
                          src="https://www.google.com/recaptcha/api2/anchor?ar=1&amp;k=6Lf2gUEUAAAAAKIYnNwmCC3SvVworvlXbJpdTGfH&amp;co=aHR0cHM6Ly93d3cub3BlbmJ1Z2JvdW50eS5vcmc6NDQz&amp;hl=de&amp;v=qljbK_DTcvY1PzbR7IG69z1r&amp;size=normal&amp;cb=u9di9h2pw3ow"
                          width="304" height="78" role="presentation" name="a-agd5rathjupl" frameborder="0" scrolling="no"
                          sandbox="allow-forms allow-popups allow-same-origin allow-scripts allow-top-navigation allow-modals allow-popups-to-escape-sandbox"></iframe></div><textarea id="g-recaptcha-response" name="g-recaptcha-response"
                        class="g-recaptcha-response" style="width: 250px; height: 40px; border: 1px solid rgb(193, 193, 193); margin: 10px 25px; padding: 0px; resize: none; display: none;"></textarea>
                    </div><iframe style="display: none;"></iframe>
                  </div>
                  <table class="frmincidenttbl">
                  </table>
                </td>
              </tr>
            </tbody>
          </table>
        </td>
      </tr>
      <tr>
        <td style="width: 50%;">
          <input value="Alert" id="alertbtn" name="alertbtn" type="submit" disabled="disabled" style="width: 100px; color: #FFFFFF; background-color: #f77a00; float: right; border: 1px solid #ff8208; border-radius: 4px;  cursor: pointer;">
        </td>
        <td>
          <input value="Cancel" name="fixreqcancel" onclick="showhide(0); return false;" type="button" style="width: 100px; color: #FFFFFF; background-color: #f77a00; float: left; border: 1px solid #ff8208; border-radius: 4px;  cursor: pointer;">
        </td>
      </tr>
    </tbody>
  </table>
</form>

POST

<form method="post" action="">
  <input type="hidden" value="1" name="twauth">
  <input type="image" name="sub" src="/images/design/sign-in-with-twitter-gray.png">
</form>

Text Content


2021 © OpenBugBounty

Open Bug Bounty selected among the Top 5 Bug Bounty programs to watch in 2021 by The Hacker News

1,096,272 coordinated disclosures
665,595 fixed vulnerabilities
1,424 bug bounty programs, 2,846 websites
25,073 researchers, 1,371 honor badges



BENCHMARKSIXSIGMA.COM IMPROPER ACCESS CONTROL VULNERABILITY
REPORT ID: OBB-2161523

Security Researcher Cyber_India (helped patch 25923 vulnerabilities; received 9
Coordinated Disclosure badges; received 141 recommendations), a holder of 9
badges for responsible and coordinated disclosure, found an Improper Access
Control security vulnerability affecting the benchmarksixsigma.com website and
its users.

Following the coordinated and responsible vulnerability disclosure guidelines of
the ISO 29147 standard, Open Bug Bounty has:

      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.

Technical details of the vulnerability are currently hidden ("On Hold") to give
the website operator/owner sufficient time to patch the vulnerability without
putting any of its systems or users at risk. Once patched, the vulnerability
details can be publicly disclosed by the researcher no earlier than 30 days
after the submission. If for any reason the vulnerability remains unpatched, the
researcher may disclose the vulnerability details only after 90 days from the
submission.

Affected Website: benchmarksixsigma.com
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: [hidden until disclosure]
Vulnerability Type: IAC (Improper Access Control) / CWE-284
CVSSv3 Score: [hidden until disclosure]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: Cyber_India (helped patch 25923 vulnerabilities;
received 9 Coordinated Disclosure badges; received 141 recommendations)
Remediation Guide: OWASP Access Control Cheat Sheet


COORDINATED DISCLOSURE TIMELINE

Vulnerability Reported: 12 October, 2021 04:45 GMT
Vulnerability Verified: 12 October, 2021 04:59 GMT
Website Operator Notified: 12 October, 2021 04:59 GMT
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher
Public Report Published [without technical details]: 12 October, 2021 04:59 GMT
Scheduled Public Disclosure: 10 January, 2022 04:45 GMT
(A security researcher can delete the report before public disclosure;
afterwards the report cannot be deleted or modified anymore. The researcher can
also postpone the public disclosure date as long as reasonably required to
remediate the vulnerability.)


FOR WEBSITE OPERATORS AND OWNERS

Please read how Open Bug Bounty helps make your websites secure and then contact
the researcher directly to get the vulnerability details. The researcher may
also help you fix the vulnerability and advise you on how to prevent similar
issues.

For remediation best practices, please also refer to the OWASP remediation
guidelines. More information about coordinated and responsible disclosure on
Open Bug Bounty is available here.

DISCLAIMER: Open Bug Bounty is a non-profit project, we never act as an
intermediary between website owners and security researchers. We have no
relationship or control over the researchers. Our role is limited to independent
verification of the submitted reports and proper notification of website owners
by all reasonably available means.


BENCHMARKSIXSIGMA.COM

Website Overview and Rating

Alexa Global Rank: 117,961
SSL/TLS Server Test: A+    View Results
Web Server Security Test: B    View Results
Malware Test: Click here
Domain Health Report: Click here


Latest Submissions

OBB-ID      | Reported by                                                                 | Status  | Reported on
OBB-2161523 | Cyber_India (helped patch 25923 vulnerabilities; received 11 Coordinated    | On Hold | 12.10.2021
            | Disclosure badges; received 141 recommendations)                            |         |




  LATEST PATCHED

 13.10.2021 backlog.com
 13.10.2021 gainsight.com
 12.10.2021 mobt3ath.com
 12.10.2021 elearning.lavoro.gov.it
 12.10.2021 dicionarioinformal.com.br
 12.10.2021 ulakbim.gov.tr
 12.10.2021 csai.cn
 12.10.2021 mmu.edu.my
 12.10.2021 groupbuya.com
 12.10.2021 moj.gov.vn



  LATEST BLOG POSTS

08.10.2021 by NNeuchi
How I Found My First Bug Reflected Xss On PIA.GOV.PH(Philippine Information
Agency)

26.08.2021 by PyaePhyoThu98
eG Manager v7.1.2: Improper Access Control lead to Remote Code Execution
(CVE-2020-8591)

14.07.2021 by Open Bug Bounty
Interview With Open Bug Bounty

25.05.2021 by 0xrocky
Google XSS Game

25.05.2021 by ShivanshMalik12
Testing for XSS (Cross Site Scripting)



  RECENT RECOMMENDATIONS

    11 October, 2021

     showmypc:


Thanks for your reporting and making our platform secure. We appreciate your
work!

    10 October, 2021

     giroud_francois:


Thanks a lot for the notification, and for the explanations that allowed us to
fix the vulnerability!

    10 October, 2021

     stylight_noc:


Thank you for informing us about an issue with our webserver configuration.

    8 October, 2021

     olly_d_white:


Our team would like to thank you for finding vulnerability on our website.

    8 October, 2021

     olly_d_white:


Reported multiple critical vulnerabilities of our platform with very good
explanations and suggestions. Help much appreciated. Thank you again!


