Question about reporting process

Posted: Mon Feb 03, 2020 3:37 am
by Dachi03259579
Hi all ) I have a few questions, I'm new here so... ))
1. When reporting a vulnerability there are fields under vulnerability details: XSS URL, post data and comment field (not internal). When I submit a vulnerability and openbugbounty.org sends a notification, can website owners see what info I add in those fields?
2. Can I delete "on hold" vulnerabilities and submit the same again after 2 or more days, or are researchers restricted from doing that?
3. What does the notification sent by openbugbounty.org to website owners look like?
4. I saw on already patched reports that researchers add screenshots to reports, but I can't find an add file or some similar function on the report page. How do I do it?

Please answer, help me to understand details to report correctly... Thank you for answers in advance.

Re: Question about reporting process

Posted: Mon Feb 03, 2020 11:07 am
by x1admin
1. Yes
2. Yes
3. Add your email to "Notify specific security contact" and you will receive the notification email
4. Our platform makes the screenshots

Re: Question about reporting process

Posted: Mon Feb 03, 2020 12:40 pm
by Dachi03259579
Yes, but it says there that the website owner will get a notification without technical details... The XSS URL, post data, cookies and comment field include technical details, so why are they shown to the website owner? So they can patch this vulnerability without researcher interaction if they see what's in those fields...

Re: Question about reporting process

Posted: Mon Feb 03, 2020 1:26 pm
by x1admin
Notification emails will be sent w/o details. An owner with a bug bounty program and a confirmed website can view details on the report page if the researcher checks "Automatic Disclosure".

Re: Question about reporting process

Posted: Mon Feb 03, 2020 1:29 pm
by Dachi03259579
So otherwise the XSS URL, post data, cookies and comment field info is NOT shown in notification emails to website owners if I don't check automatic disclosure, right?

Re: Question about reporting process

Posted: Mon Feb 03, 2020 1:31 pm
by x1admin
Notification emails don't contain any details, only a link to the report page.

Re: Question about reporting process

Posted: Mon Feb 03, 2020 1:36 pm
by Dachi03259579
And if they don't have a confirmed website bug bounty program, what can they see on my report page?

Re: Question about reporting process

Posted: Mon Feb 03, 2020 1:37 pm
by Dachi03259579
By the way, I reported one test website and put my email there, but I didn't receive any notification, so I can't see what's shown on my report page.

Re: Question about reporting process

Posted: Mon Feb 03, 2020 1:48 pm
by x1admin
Dachi03259579 wrote:
Mon Feb 03, 2020 1:37 pm
By the way, I reported one test website and put my email there, but I didn't receive any notification, so I can't see what's shown on my report page.
Hard to say w/o the report ID.

Re: Question about reporting process

Posted: Mon Feb 03, 2020 2:36 pm
by Dachi03259579
Dachi03259579 wrote:
Mon Feb 03, 2020 1:36 pm
And if they don't have a confirmed website bug bounty program, what can they see on my report page?
What about it?