Privilege Escalation

Severity: High
Bug ID: 641
Researcher: daksh
Status: Disclosed
Submitted: 12/05/2014

Description:

As I reported earlier about the Privilege Escalation in the comment section, where I was able to comment on behalf of the bounty admin, you fixed it. But I think it is not fixed entirely.

Affected URL:

https://crowdshield.com/dashboard.php?bug_id=[ID]

Affected Params:

sent_from

Bug Evidence:

bug_id=538&researcher_username=daksh&bug_category=Cross+Site+Request+Forgery&bounty_name=CrowdShield&sent_from=researcher&bug_comment=test&bug_reply=Reply

All you need to do is change it to sent_from=bounty and the comment will be posted on behalf of the bounty admin.

Bug Recommendation:

I think you should remove that parameter.
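The report above, as an added example that is not CrowdShield's code: a minimal comment handler in the pattern the report describes (the client-supplied sent_from decides whose name the comment is posted under) beside a hardened handler that ignores sent_from, takes the author and role from the server-side session, and checks that the session user is actually a party to the bug. The bug records, sessions and tokens are constructed for the example; the request body is the one quoted in the evidence, with a second copy altered the way the report describes. A small helper flags requests whose sent_from disagrees with the session, which is useful for logging while old clients still send the parameter.

```python
from urllib.parse import parse_qs

# Constructed sample records (not CrowdShield's real data).
# Bug 538 is the one named in the evidence; 540 is a second bug filed by someone else.
BUGS = {
    538: {"researcher": "daksh", "bounty": "CrowdShield"},
    540: {"researcher": "someone_else", "bounty": "CrowdShield"},
}

# Server-side sessions, keyed by a constructed session token. The role is
# fixed at login and is the only trustworthy statement of who is acting.
SESSIONS = {
    "tok-daksh": {"username": "daksh", "role": "researcher"},
    "tok-crowdshield": {"username": "CrowdShield", "role": "bounty"},
}

# The request body quoted in the report, and the same body with sent_from changed.
REPORTED_REQUEST = (
    "bug_id=538&researcher_username=daksh&bug_category=Cross+Site+Request+Forgery"
    "&bounty_name=CrowdShield&sent_from=researcher&bug_comment=test&bug_reply=Reply"
)
TAMPERED_REQUEST = REPORTED_REQUEST.replace("sent_from=researcher", "sent_from=bounty")


def parse_form(body: str) -> dict:
    """Parse a form-urlencoded body into a dict of single string values."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def post_comment_vulnerable(session_token: str, body: str) -> dict:
    """The pattern the report describes: the author is chosen from the client's
    sent_from value, so any party to the bug can speak as the other."""
    SESSIONS[session_token]  # the session is checked for existence but never consulted
    form = parse_form(body)
    bug = BUGS[int(form["bug_id"])]
    author = bug["bounty"] if form["sent_from"] == "bounty" else bug["researcher"]
    return {"bug_id": int(form["bug_id"]), "author": author,
            "role": form["sent_from"], "text": form["bug_comment"]}


def post_comment_fixed(session_token: str, body: str) -> dict:
    """Hardened handler: sent_from is ignored entirely. Author and role come from
    the session, and the session user must be a party to the bug being commented on."""
    session = SESSIONS[session_token]
    form = parse_form(body)
    bug_id = int(form["bug_id"])
    bug = BUGS[bug_id]
    if session["role"] == "bounty":
        if bug["bounty"] != session["username"]:
            raise PermissionError("session user is not the bounty owner of this bug")
    elif session["role"] == "researcher":
        if bug["researcher"] != session["username"]:
            raise PermissionError("session user did not file this bug")
    else:
        raise PermissionError("unknown role in session")
    return {"bug_id": bug_id, "author": session["username"],
            "role": session["role"], "text": form["bug_comment"]}


def sent_from_mismatch(session_token: str, body: str) -> bool:
    """Detection aid: True when the request claims a sent_from role that differs
    from the session's role. Worth logging while clients still send the field."""
    claimed = parse_form(body).get("sent_from")
    return claimed not in (None, SESSIONS[session_token]["role"])


if __name__ == "__main__":
    # A researcher session sending the altered body: the old handler posts as the
    # bounty admin, the fixed one posts as the researcher and flags the mismatch.
    print(post_comment_vulnerable("tok-daksh", TAMPERED_REQUEST))
    print(post_comment_fixed("tok-daksh", TAMPERED_REQUEST))
    print(sent_from_mismatch("tok-daksh", TAMPERED_REQUEST))
```

Removing the parameter, as the recommendation suggests, is the right end state; the mismatch check is only a bridge so that a deployment can see which clients still send it before the field is dropped from the form.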

Direct Chat

daksh 12/05/2014
submitted a Privilege Escalation bug to CrowdShield
CrowdShield 12/05/2014
Acknowledged bug ID: 641 - Privilege Escalation submitted by daksh and awarded 20 points!
CrowdShield 12/05/2014
Fixed bug ID: 641 - Privilege Escalation submitted by daksh
CrowdShield 06/24/2015
disclosed a Privilege Escalation bug submitted by daksh

Pending Bugs

ID   Severity       Vulnerability                    User       Date        Status
692  High           Authentication Bypass            dia2diab   07/01/2015  Disclosed
778  High           Privilege Escalation             poseidon   08/24/2018  Disclosed
641  High           Privilege Escalation             daksh      12/05/2014  Disclosed
744  High           Privilege Escalation             realn0j    09/06/2017  Disclosed
670  High           Remote Code Execution            zoczus     05/06/2015  Disclosed
593  Medium         Buffer Overflow                  rockcena   12/01/2014  Disclosed
578  Medium         Cross Site Request Forgery       sandeepv   11/30/2014  Disclosed
580  Medium         Cross Site Request Forgery       sandeepv   11/30/2014  Disclosed
659  Medium         Reflected Cross Site Scripting   pratap     12/16/2014  Disclosed
742  Low            Application Errors               guifre     07/29/2017  Disclosed
724  Low            Session Security and Cookies     testingcs  04/24/2016  Disclosed
706  Informational  Other                            zediwon    09/28/2015  Disclosed
707  Informational  Other                            behroz     10/06/2015  Disclosed