
Question on submitting Findings

Posted: Mon Aug 15, 2022 6:47 pm
by DerBaerSEC
Hello,

I made a submission, but it was rejected with "Can't reproduce". Now I have two questions:
- Is it possible to view details of my submissions? I'd like to review details of the submission and recheck what I sent (I could reproduce it from my Burp without problems).
- Are there any restrictions / tips on Open Redirect submissions? I really have no idea why OBB cannot reproduce it:
I clearly stated in the comment that the user needs to be authenticated (I didn't put the session cookie in the form, otherwise OBB obviously has access to my whole profile on the page. And the session will likely expire before they test it anyway.)
And I always put redirects to a non-existing site in the Proof URL. But a manual check should detect that the browser tried to access this page. The target was also clearly visible in the URL.


(And a small additional question: Is it possible to "store" unsubmitted reports? When I first tried to submit it, it failed because there was apparently another report from another user within the last 24 hours. So I had to wait. Luckily I could keep my browser with the unsent submission open for two days. But this is not really a good solution.)

Maybe someone can help me here a bit? My first experiences here with OBB really discourage me from staying on this page :(

Regards

Re: Question on submitting Findings

Posted: Mon Aug 22, 2022 5:34 am
by x1admin
DerBaerSEC wrote:
Mon Aug 15, 2022 6:47 pm
And I always put redirects to a non-existing site in the Proof URL.
Please read the submission guide.

Re: Question on submitting Findings

Posted: Thu Aug 25, 2022 6:40 pm
by DerBaerSEC
Ah, missed that point. Thanks. Corrected this, but it still got marked as "Can't reproduce vulnerability".