Privilege Escalation

Severity: High
Bug ID: 641
Researcher: daksh
Status: Disclosed
Submitted: 12/05/2014


As I reported earlier about Privilege Escalation in the comment section, where I was able to comment on behalf of the bounty admin, you fixed it. But I think it is not fixed entirely.

Affected URL:


Affected Params:


Bug Evidence:


All you need to do is change the sent_from=bounty parameter and the comment will be posted on behalf of the bounty admin.

Bug Recommendation:

I think you should remove that parameter.
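The flaw described above is a client-controlled identity parameter: the server takes the comment's author from a request field rather than from the authenticated session. The Python below is an added example, not CrowdShield's code, and the names in it (Session, post_comment_vulnerable, post_comment_fixed, the request-log line format) are assumptions. It shows the vulnerable handler beside a fixed one that ignores sent_from and uses only the session user, and a small check over constructed request-log lines that flags requests where sent_from names someone other than the logged-in user, which is how a defender could confirm whether the parameter is still being abused after a fix.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs


@dataclass
class Session:
    """Identity established at login; never derived from request parameters."""
    user: str


@dataclass
class Comment:
    bug_id: int
    author: str
    body: str


def post_comment_vulnerable(session: Session, params: Dict[str, str],
                            store: List[Comment]) -> Comment:
    """Vulnerable pattern (hypothetical): the author comes from the
    client-supplied 'sent_from' field, so any logged-in user can set
    sent_from=bounty and post as the bounty admin."""
    author = params.get("sent_from", session.user)
    comment = Comment(int(params["bug_id"]), author, params["body"])
    store.append(comment)
    return comment


def post_comment_fixed(session: Session, params: Dict[str, str],
                       store: List[Comment]) -> Comment:
    """Hardened version: the request has no say in who the author is.
    The parameter is not read at all, so the remediation the report
    recommends (removing it) is enforced server-side even if a client
    keeps sending it."""
    comment = Comment(int(params["bug_id"]), session.user, params["body"])
    store.append(comment)
    return comment


# Constructed request-log lines (hypothetical format):
# "<timestamp> user=<session user> <method> <path> <query string>"
SAMPLE_LOG = [
    "2014-12-05T10:01:22Z user=daksh POST /comment bug_id=641&body=hello&sent_from=daksh",
    "2014-12-05T10:03:47Z user=daksh POST /comment bug_id=641&body=still+works&sent_from=bounty",
    "2014-12-05T10:05:01Z user=bounty POST /comment bug_id=641&body=thanks&sent_from=bounty",
]


def _sent_from(query: str) -> Optional[str]:
    """Return the first sent_from value in a query string, or None."""
    values = parse_qs(query).get("sent_from")
    return values[0] if values else None


def find_identity_mismatches(lines: List[str]) -> List[Tuple[str, str]]:
    """Detection check: return (session user, sent_from) pairs for every
    request whose sent_from parameter disagrees with the authenticated
    user. Any hit is an attempt to post as someone else."""
    hits = []
    for line in lines:
        parts = line.split()
        user = parts[1].split("=", 1)[1]
        claimed = _sent_from(parts[-1])
        if claimed is not None and claimed != user:
            hits.append((user, claimed))
    return hits


if __name__ == "__main__":
    store: List[Comment] = []
    researcher = Session(user="daksh")
    spoof = {"bug_id": "641", "body": "hi", "sent_from": "bounty"}
    print(post_comment_vulnerable(researcher, spoof, store).author)  # bounty
    print(post_comment_fixed(researcher, spoof, store).author)       # daksh
    print(find_identity_mismatches(SAMPLE_LOG))
```

The fixed handler deliberately never reads sent_from rather than validating it: a field that only ever duplicates what the session already knows has no legitimate value and is easier to remove than to police. The log check is the after-fix verification step; once the parameter is dropped server-side, any remaining mismatches are harmless but still worth watching as evidence of who is probing the endpoint.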

Direct Chat

daksh 12/05/2014
submitted a Privilege Escalation bug to CrowdShield
CrowdShield 12/05/2014
Acknowledged bug ID: 641 - Privilege Escalation submitted by daksh and awarded 20 points!
CrowdShield 12/05/2014
Fixed bug ID: 641 - Privilege Escalation submitted by daksh
CrowdShield 06/24/2015
disclosed a Privilege Escalation bug submitted by daksh

Pending Bugs

ID   Severity       Vulnerability                   User       Date        Status
692  High           Authentication Bypass           dia2diab   07/01/2015  Disclosed
778  High           Privilege Escalation            poseidon   08/24/2018  Disclosed
641  High           Privilege Escalation            daksh      12/05/2014  Disclosed
744  High           Privilege Escalation            realn0j    09/06/2017  Disclosed
670  High           Remote Code Execution           zoczus     05/06/2015  Disclosed
593  Medium         Buffer Overflow                 rockcena   12/01/2014  Disclosed
578  Medium         Cross Site Request Forgery      sandeepv   11/30/2014  Disclosed
580  Medium         Cross Site Request Forgery      sandeepv   11/30/2014  Disclosed
659  Medium         Reflected Cross Site Scripting  pratap     12/16/2014  Disclosed
742  Low            Application Errors              guifre     07/29/2017  Disclosed
724  Low            Session Security and Cookies    testingcs  04/24/2016  Disclosed
706  Informational  Other                           zediwon    09/28/2015  Disclosed
707  Informational  Other                           behroz     10/06/2015  Disclosed