Making Submissions

Description:

  • Introduction: When submitting a report, it is essential to provide comprehensive details to help the reviewing team understand and validate the vulnerability. This ensures a thorough assessment and appropriate action.

  • Purpose: Detailed reports facilitate accurate validation of the vulnerability, efficient remediation, and appropriate rewards.

Content:

  • Required Details for Report Submission:

    1. Title:

      • Provide a concise and descriptive title for the vulnerability.

      • Example: "SQL Injection in Login Page"

    2. Target:

      • Specify the target application, page, or endpoint where the vulnerability was found.

    3. Severity:

      • Assess the severity level of the vulnerability (Low, Medium, High, Critical).

      • Example: "High, Low, etc."

    4. Vulnerability Type:

      • Select the type of vulnerability (e.g., SQL Injection, Cross-Site Scripting, etc.).

      • Example: "SQL Injection, Buffer Overflow, Insecure API, etc."

    5. Description:

      • Provide a detailed description of the vulnerability.

      • Include relevant information to understand the context and nature of the issue.

    6. Steps to Reproduce:

      • List the detailed steps to reproduce the vulnerability.

      • Ensure clarity and precision for the reviewing team to follow.

      • Example:

        1. Go to the login page.

        2. Enter ' OR '1'='1 in the username field.

        3. Enter any value in the password field.

        4. Submit the form and observe successful login.

    7. Potential Impact:

      • Explain the potential impact and consequences of the vulnerability if exploited.

      • Example: "An attacker can gain unauthorized access to user accounts, compromising sensitive information."

    8. Recommendation:

      • Provide suggestions for fixing the vulnerability.

      • Example: "Use prepared statements to prevent SQL Injection."

    9. Screenshots:

      • Attach relevant screenshots to support your findings.

      • Include visual evidence of the vulnerability and steps to reproduce.

Guidelines:

  • Clarity: Ensure all information is clear and easy to understand.

  • Completeness: Provide all required details to avoid delays in the review process.

  • Accuracy: Verify all information before submission to prevent errors.

Common Issues and Solutions:

  • Incomplete Reports:

    • Double-check the report for all required details before submission.

    • Use the provided guidelines and examples as a reference.

  • Unclear Descriptions:

    • Be as descriptive as possible.

    • Include relevant technical details and context.

FAQs:

  • What if I am unsure about the severity level?

    • Provide your best assessment and mention any uncertainties in the description.

  • Can I update my report after submission?

    • Yes, you can update your report before it is reviewed. Contact support if you need assistance.

Contact Support:

  • If you encounter any issues, please reach out to our support team at support@comolho.com.

COM OLHO IT PRIVATE LIMITED