Question on submitting Findings

DerBaerSEC
Posts:2
Joined:Fri Aug 12, 2022 11:39 pm
Question on submitting Findings

Post by DerBaerSEC » Mon Aug 15, 2022 6:47 pm

Hello,

I made a submission, but it was rejected with "Can't reproduce". Now I have two questions:
- Is it possible to view details of my submissions? I'd like to review details of the submission and recheck what I sent (I could reproduce it from my Burp without problems).
- Are there any restrictions / tips on Open Redirect submissions? I really have no idea why OBB cannot reproduce it:
I clearly stated in the comment that the user needs to be authenticated (I didn't put the session cookie in the form, otherwise OBB obviously has access to my whole profile on the page. And the session will likely expire before they test it anyway.)
And I always put redirects to a non-existing site in the Proof URL. But a manual check should detect that the browser tried to access this page. The target was also clearly visible in the URL.


(And a small additional question: Is it possible to "store" unsubmitted reports? When I first tried to submit it, it failed because there was apparently another report from another user within the last 24 hours. So I had to wait. Luckily I could keep my browser with the unsent submission open for two days. But this is not really a good solution.)

Maybe someone can help me here a bit? My first experiences here with OBB really discourage me to stay on this page :(

Regards

x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: Question on submitting Findings

Post by x1admin » Mon Aug 22, 2022 5:34 am

DerBaerSEC wrote:
Mon Aug 15, 2022 6:47 pm
And I always put redirects to a non existing site in the Proof URL.
Please read the submission guide.

DerBaerSEC
Posts:2
Joined:Fri Aug 12, 2022 11:39 pm

Re: Question on submitting Findings

Post by DerBaerSEC » Thu Aug 25, 2022 6:40 pm

Ah, missed that point. Thanks. Corrected this but it still got marked as "Can't reproduce vulnerability".
