How to Write A Bug Bounty Report Like a Pro! 😎

Hi, Ajak Amico’s welcome back to another blog today, I will show you How to write a bug bounty report like a Pro and this is my strategy too to report a bug. Before starting, if you haven’t subscribed to our channel, do subscribe, guys. Contents related to cyber security, Bug Bounty, and Digital Forensics Investigation.👇

Follow our Youtube Channel: @ajakcybersecurity (355 Videos)

Follow on Instagram: @ajakcybersecurity

Topics Should Contain In Report:

1. Title
2. Affected Domain
3. Description
4. Steps To Reproduce
5. POC(Proof Of Concept)
6. Impact
7. Attacking Scenario(Optional)

Title:

It is important in the bug bounty report that we need to clearly write the name of the vulnerability like XSS, CSRF, and RCE.

Affected Domain: Mention whether it’s the main domain or subdomain

Description:

This component provides details of the vulnerability, you can explain the vulnerability here, and write about the paths, endpoints and error messages you got while testing. You can also attach HTTP requests, and vulnerable source code.

Steps To Reproduce:

In this component we have to define every step to reproduce the vulnerability, by using these steps they can reproduce the vulnerability again.

Proof of concept:

This component is the visual of the whole work. You can record a demonstration video or attach screenshots.

Impact:

Write about the real-life impact, How an attacker can take advantage if he successfully exploits the vulnerability. What type of possible damages could be done? (avoid writing about the theoretical impact)

Sample Report:

For Example, I used a practice website to present you with a sample Report.

Title: Reflected XSS in testphp.vulnweb.com leads to Cookie stealing of any users.

Affected Domain:

https:// testphp.vulnweb.com (Main Domain)

Description:

Hello Team, I have found a vulnerability in your domain https://testphp.vulnweb.com where an attacker can steal cookies of any user with reflected XSS flaw. Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application.

Steps To Reproduce:

1. Register and login with testphp.vulnweb.com
2. In search bar type following payload

<script>alert(document.cookie);</script>

3. Hit the enter button xss and get triggered

4. Now copy the link and send it to the victim, when the victim clicks the link, his cookie will be captured in my local server.

Proof of concept:

Screenshot is attached below.

Impact:

With the help of XSS a hacker or attacker can perform social engineering on users by redirecting them from a real website to a fake one. a hacker can steal their cookies and download malware on their system, and there are many more attacking scenarios a skilled attacker can perform with XSS.

Final Tip: If you are writing a report to VDP make sure you add Bold letters in required places, and always go with a POC video not more than 2min instead of Screenshots.

Hackerone report :-Reflected XSS

youtube link:-Reflected XSS

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — -

Hope you would have learned some information from this blog if so, kindly press that follow button for further updates. Best wishes from Ajak Cybersecurity.❤️

“கற்றவை பற்றவை🔥”

Learn Everyday, Happy Hacking 😁🙌

https://www.buymeacoffee.com/Ajak

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Follow our Youtube Channel: @ajakcybersecurity

Follow on Instagram: @ajakcybersecurity