Question about reporting process

Questions or suggestions about the platform
Dachi03259579
Posts:8
Joined:Wed Jan 29, 2020 9:26 pm
Question about reporting process

Post by Dachi03259579 » Mon Feb 03, 2020 3:37 am

Hi all ) I have few questions, im new here so... ))
1. When reporting vulnerability there are a fields under vulnerability details: XSS URL, post data and comment field (not internal). When i submit vulnerability and openbugbounty.org sends notification can website owners see what info i add in those fields?
2. Can i delete "on hold" vulnerabilities and submit same again after 2 or more days or researchers are restricted for it?
3. How looks notification which is sent by openbugbounty.org to website owners?
4. I saw on already patched reports that researchers add screenshots to reports, but i cant find add file or some simial function on report page, how to do it?

Please answer, help me to understand details to report correctly... Thank you for answers in advance.

User avatar
x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: Question about reporting process

Post by x1admin » Mon Feb 03, 2020 11:07 am

1. yes
2. yes
3. add your email to "Notify specific security contact" and you received notify email
4. our platform make screenshots

Dachi03259579
Posts:8
Joined:Wed Jan 29, 2020 9:26 pm

Re: Question about reporting process

Post by Dachi03259579 » Mon Feb 03, 2020 12:40 pm

Yes but there is told that website owner will get notification without technical details... XSS URL, post data, cookies and comment field includes technical details and why they are shown to website owner? So they can patch this vulnerability without researcher interaction if they see whats in those fields...

User avatar
x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: Question about reporting process

Post by x1admin » Mon Feb 03, 2020 1:26 pm

Notification emails will sent w/o details. Owner with bugbounty program and confirmed website can view details on report page if researcher check "Automatic Disclosure"

Dachi03259579
Posts:8
Joined:Wed Jan 29, 2020 9:26 pm

Re: Question about reporting process

Post by Dachi03259579 » Mon Feb 03, 2020 1:29 pm

So otherwise XSS URL, Post data, cookies and comment field info is NOT shown in notification emails to website owners if i dont check automatic disclosure right?
Last edited by Dachi03259579 on Mon Feb 03, 2020 1:35 pm, edited 1 time in total.

User avatar
x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: Question about reporting process

Post by x1admin » Mon Feb 03, 2020 1:31 pm

Notification emails don't contain any details, only link to report page

Dachi03259579
Posts:8
Joined:Wed Jan 29, 2020 9:26 pm

Re: Question about reporting process

Post by Dachi03259579 » Mon Feb 03, 2020 1:36 pm

and if they dont have confirmed website bug bounty program what can they see on my report page?

Dachi03259579
Posts:8
Joined:Wed Jan 29, 2020 9:26 pm

Re: Question about reporting process

Post by Dachi03259579 » Mon Feb 03, 2020 1:37 pm

by the way i report one test website and put there my email but i dont receive any notification so i cant see whats shown on my report page

User avatar
x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: Question about reporting process

Post by x1admin » Mon Feb 03, 2020 1:48 pm

Dachi03259579 wrote:
Mon Feb 03, 2020 1:37 pm
by the way i report one test website and put there my email but i dont receive any notification so i cant see whats shown on my report page
hard to say w/o report id

Dachi03259579
Posts:8
Joined:Wed Jan 29, 2020 9:26 pm

Re: Question about reporting process

Post by Dachi03259579 » Mon Feb 03, 2020 2:36 pm

Dachi03259579 wrote:
Mon Feb 03, 2020 1:36 pm
and if they dont have confirmed website bug bounty program what can they see on my report page?
What about it?

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests