Question about reporting process
Posted: Mon Feb 03, 2020 3:37 am
Hi all ) I have few questions, im new here so... ))
1. When reporting vulnerability there are a fields under vulnerability details: XSS URL, post data and comment field (not internal). When i submit vulnerability and openbugbounty.org sends notification can website owners see what info i add in those fields?
2. Can i delete "on hold" vulnerabilities and submit same again after 2 or more days or researchers are restricted for it?
3. How looks notification which is sent by openbugbounty.org to website owners?
4. I saw on already patched reports that researchers add screenshots to reports, but i cant find add file or some simial function on report page, how to do it?
Please answer, help me to understand details to report correctly... Thank you for answers in advance.
1. When reporting vulnerability there are a fields under vulnerability details: XSS URL, post data and comment field (not internal). When i submit vulnerability and openbugbounty.org sends notification can website owners see what info i add in those fields?
2. Can i delete "on hold" vulnerabilities and submit same again after 2 or more days or researchers are restricted for it?
3. How looks notification which is sent by openbugbounty.org to website owners?
4. I saw on already patched reports that researchers add screenshots to reports, but i cant find add file or some simial function on report page, how to do it?
Please answer, help me to understand details to report correctly... Thank you for answers in advance.