{"id":563,"date":"2022-05-24T12:04:25","date_gmt":"2022-05-24T12:04:25","guid":{"rendered":"https:\/\/devbrain.com.br\/?p=563"},"modified":"2022-05-24T12:04:25","modified_gmt":"2022-05-24T12:04:25","slug":"impact-awareness-bounty-submission","status":"publish","type":"post","link":"https:\/\/devbrain.com.br\/index.php\/2022\/05\/24\/impact-awareness-bounty-submission\/","title":{"rendered":"Impact Awareness – bounty submission"},"content":{"rendered":"\n

Summary<\/h2>\n\n\n\n

Given the fact that your bounty report might change your finding from being “accepted” and even your reward over a particular program, it’s essential to provide enough information such as the impact and what\/how it can be accomplished (including combinations with different attacking vectors) with examples\/pocs. If possible, providing solutions to mitigate the problem can also be helpful as the person who’s reading your report might not have an advanced knowledge across the area you’re exploring. <\/p>\n\n\n\n

As an example, I’ll share one of my findings here that I was expecting a small bounty (e.g., USD ~100,00) for disclosing information due to a misconfiguration within the application I was assessing and it turned out that my focus on the report totally made the difference as it was even rewarded with an additional of $130 bonus (besides $477.20). Kindly refer to the following where I’m just obfuscating a few details due to a Synack’s private program:<\/p>\n\n\n\n

Description<\/h3>\n\n\n\n
\"\"<\/figure>\n\n\n\n

Impact<\/h3>\n\n\n\n
\"\"<\/figure>\n\n\n\n

PoC<\/h3>\n\n\n\n
\"\"<\/figure>\n\n\n\n

Recommended Fix<\/h3>\n\n\n\n
\n
\"\"<\/figure>\n<\/figure>\n\n\n\n

References<\/h3>\n\n\n\n
  • Writing bug bounty reports:
    • https:\/\/blog.yeswehack.com\/yeswerhackers\/tips-write-report-bug-bounty\/<\/li>
    • https:\/\/dewcode.medium.com\/how-to-write-a-good-bug-bounty-report-in-just-10-minutes-980a0a1b1b18<\/li><\/ul><\/li>
    • More about the finding above:
      • https:\/\/medium.com\/@logicbomb_1\/bugbounty-nasa-internal-user-and-project-details-are-out-2f2e3580421b<\/li><\/ul><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"

        Summary Given the fact that your bounty report might change your finding from being “accepted” and even your reward over…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-563","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/devbrain.com.br\/index.php\/wp-json\/wp\/v2\/posts\/563","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devbrain.com.br\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devbrain.com.br\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devbrain.com.br\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/devbrain.com.br\/index.php\/wp-json\/wp\/v2\/comments?post=563"}],"version-history":[{"count":55,"href":"https:\/\/devbrain.com.br\/index.php\/wp-json\/wp\/v2\/posts\/563\/revisions"}],"predecessor-version":[{"id":623,"href":"https:\/\/devbrain.com.br\/index.php\/wp-json\/wp\/v2\/posts\/563\/revisions\/623"}],"wp:attachment":[{"href":"https:\/\/devbrain.com.br\/index.php\/wp-json\/wp\/v2\/media?parent=563"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devbrain.com.br\/index.php\/wp-json\/wp\/v2\/categories?post=563"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devbrain.com.br\/index.php\/wp-json\/wp\/v2\/tags?post=563"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}