Correct way to submit a vulnerability that needs access/register

Questions or requests about submissions
Post Reply
LukkasssG
Posts:5
Joined:Mon Jan 21, 2019 3:55 am
Correct way to submit a vulnerability that needs access/register

Post by LukkasssG » Thu Jan 24, 2019 6:39 pm

Hello.

I've one question for you, do you take submissions that needs the user to login to the website? If so, what's the procedure to report that ones? I'm asking that, because of one that I made, the ID is 727374 and it got denied as "Can't reproduce Vulnerability", but it's there. The website is free to use but the user needs to register, I've created an user and submitted it with the report and the correct steps to reproduce the vulnerability but it stills got "can't reproduce vulnerability".

Am I doing something wrong or just out of lucky?
Last edited by LukkasssG on Fri Jan 25, 2019 7:14 pm, edited 1 time in total.

jesuismaxy
Posts:37
Joined:Tue Feb 02, 2016 3:15 pm

Re: Correct way to submit an vulnerability that needs access/register

Post by jesuismaxy » Thu Jan 24, 2019 7:09 pm

surely u can just add the cookie to the report for the test account when ur logged in

LukkasssG
Posts:5
Joined:Mon Jan 21, 2019 3:55 am

Re: Correct way to submit an vulnerability that needs access/register

Post by LukkasssG » Thu Jan 24, 2019 11:57 pm

jesuismaxy wrote:
Thu Jan 24, 2019 7:09 pm
surely u can just add the cookie to the report for the test account when ur logged in
I thought about that, but there's also the session expiration time...

User avatar
x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: Correct way to submit an vulnerability that needs access/register

Post by x1admin » Fri Jan 25, 2019 7:44 am

Just provide login & password via comment

LukkasssG
Posts:5
Joined:Mon Jan 21, 2019 3:55 am

Re: Correct way to submit an vulnerability that needs access/register

Post by LukkasssG » Fri Jan 25, 2019 3:30 pm

x1admin wrote:
Fri Jan 25, 2019 7:44 am
Just provide login & password via comment
Could you please check the report ID 727374, I think I've sent in the comments, can't remember exactly, it got can't reproduce status but the vulnerability still works as of today.

Thanks in advance.

User avatar
x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: Correct way to submit an vulnerability that needs access/register

Post by x1admin » Mon Jan 28, 2019 7:45 am

LukkasssG wrote:
Fri Jan 25, 2019 3:30 pm
x1admin wrote:
Fri Jan 25, 2019 7:44 am
Just provide login & password via comment
Could you please check the report ID 727374, I think I've sent in the comments, can't remember exactly, it got can't reproduce status but the vulnerability still works as of today.

Thanks in advance.
approved

Guyu91425081
Posts:4
Joined:Wed May 01, 2019 12:12 am

Re: Correct way to submit a vulnerability that needs access/register

Post by Guyu91425081 » Wed May 01, 2019 2:27 pm

Ah, hello. my first submission today, html injection (custom perl backend framework) possible only as a logged in user. I didn't attach any user/pwd nor a cookie.
Ouch, it'll get bashed.
Thanks for the info.

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests