Is there a way that "Can't reproduce vulnerability" could instead be changed to the reason why? Case in point: I reported a vulnerability that I believed to be an SQLi, but submitted it anyway. Thing is, I could have modified it for a future report if I knew it would be rejected as an SQLi rather than "Can't reproduce vulnerability". Some researchers submit reports as well to the effect of being flagged as a SQLi unintentionally, so they come onto the forum asking why and get the response of "don't accept SQL injections". Fair enough, but they should know why when the report is rejected rather than asking on the forum why it was.
Regards,
SQLi
Re: SQLi
Why do you report an SQL injection vulnerability if you know that we don't accept this?
GordSchramm wrote: ↑Fri Jun 01, 2018 2:26 am
Is there a way that "Can't reproduce vulnerability" could instead be changed to the reason why? Case in point: I reported a vulnerability that I believed to be an SQLi, but submitted it anyway. Thing is, I could have modified it for a future report if I knew it would be rejected as an SQLi rather than "Can't reproduce vulnerability". Some researchers submit reports as well to the effect of being flagged as a SQLi unintentionally, so they come onto the forum asking why and get the response of "don't accept SQL injections". Fair enough, but they should know why when the report is rejected rather than asking on the forum why it was.
Regards,
- GordSchramm
- Posts:164
- Joined:Thu Apr 28, 2016 11:26 pm
Re: SQLi
Just to make the point I was trying to get across: it had the JavaScript popup, and if I was a researcher that thought it was an XSS vuln and submitted it not knowing it was a SQLi, I would wonder why it becomes "Can't reproduce vulnerability". I plan to modify it for another report that shows that there is an XSS vuln.
Basically, what I'm trying to say is that when these types of reports are submitted, instead of "Can't reproduce vulnerability", have the reason why like "Rejected because of SQLi".
Regards,