Hello.
I've one question for you, do you take submissions that needs the user to login to the website? If so, what's the procedure to report that ones? I'm asking that, because of one that I made, the ID is 727374 and it got denied as "Can't reproduce Vulnerability", but it's there. The website is free to use but the user needs to register, I've created an user and submitted it with the report and the correct steps to reproduce the vulnerability but it stills got "can't reproduce vulnerability".
Am I doing something wrong or just out of lucky?
Correct way to submit a vulnerability that needs access/register
Last edited by LukkasssG on Fri Jan 25, 2019 7:14 pm, edited 1 time in total.
-
- Posts:37
- Joined:Tue Feb 02, 2016 3:15 pm
Re: Correct way to submit an vulnerability that needs access/register
surely u can just add the cookie to the report for the test account when ur logged in
Re: Correct way to submit an vulnerability that needs access/register
I thought about that, but there's also the session expiration time...jesuismaxy wrote: ↑Thu Jan 24, 2019 7:09 pmsurely u can just add the cookie to the report for the test account when ur logged in
Re: Correct way to submit an vulnerability that needs access/register
Just provide login & password via comment
Re: Correct way to submit an vulnerability that needs access/register
-
- Posts:4
- Joined:Wed May 01, 2019 12:12 am
Re: Correct way to submit a vulnerability that needs access/register
Ah, hello. my first submission today, html injection (custom perl backend framework) possible only as a logged in user. I didn't attach any user/pwd nor a cookie.
Ouch, it'll get bashed.
Thanks for the info.
Ouch, it'll get bashed.
Thanks for the info.
Who is online
Users browsing this forum: No registered users and 2 guests