Question about reporting process
-
- Posts:8
- Joined:Wed Jan 29, 2020 9:26 pm
Hi all ) I have a few questions, I'm new here so... ))
1. When reporting a vulnerability there are fields under vulnerability details: XSS URL, post data and comment field (not internal). When I submit a vulnerability and openbugbounty.org sends the notification, can website owners see what info I add in those fields?
2. Can I delete "on hold" vulnerabilities and submit the same again after 2 or more days, or are researchers restricted from it?
3. What does the notification sent by openbugbounty.org to website owners look like?
4. I saw on already patched reports that researchers add screenshots to reports, but I can't find an add file or some similar function on the report page. How to do it?
Please answer, help me to understand the details to report correctly... Thank you for the answers in advance.
Re: Question about reporting process
1. yes
2. yes
3. add your email to "Notify specific security contact" and you will receive the notification email
4. our platform makes screenshots
Re: Question about reporting process
Yes, but it says there that the website owner will get a notification without technical details... XSS URL, post data, cookies and comment field include technical details, so why are they shown to the website owner? So they can patch this vulnerability without researcher interaction if they see what's in those fields...
Re: Question about reporting process
Notification emails will be sent w/o details. An owner with a bug bounty program and a confirmed website can view details on the report page if the researcher checks "Automatic Disclosure"
Re: Question about reporting process
So otherwise XSS URL, post data, cookies and comment field info is NOT shown in notification emails to website owners if I don't check automatic disclosure, right?
Last edited by Dachi03259579 on Mon Feb 03, 2020 1:35 pm, edited 1 time in total.
Re: Question about reporting process
Notification emails don't contain any details, only a link to the report page
Re: Question about reporting process
And if they don't have confirmed website bug bounty program, what can they see on my report page?
Re: Question about reporting process
By the way, I reported one test website and put my email there, but I don't receive any notification, so I can't see what's shown on my report page
Re: Question about reporting process
Dachi03259579 wrote (Mon Feb 03, 2020 1:37 pm): "by the way I reported one test website and put my email there, but I don't receive any notification, so I can't see what's shown on my report page"
Hard to say w/o report id
Re: Question about reporting process
Dachi03259579 wrote (Mon Feb 03, 2020 1:36 pm): "and if they don't have confirmed website bug bounty program, what can they see on my report page?"
What about it?