📎Making Submissions
COM OLHO IT PRIVATE LIMITED
Description:
Introduction: When submitting a report, it is essential to provide comprehensive details to help the reviewing team understand and validate the vulnerability. This ensures a thorough assessment and appropriate action.
Purpose: Detailed reports facilitate accurate validation, efficient remediation, and appropriate rewarding of the vulnerability.
Content:
Required Details for Report Submission:
Title:
Provide a concise and descriptive title for the vulnerability.
Example: "SQL Injection in Login Page"
Target:
Specify the target application, page, or endpoint where the vulnerability was found.
Severity:
Assess the severity level of the vulnerability (Low, Medium, High, Critical).
Example: "High", "Low", etc.
Vulnerability Type:
Select the type of vulnerability (e.g., SQL Injection, Cross-Site Scripting, etc.).
Example: "SQL Injection", "Buffer Overflow", "Insecure API", etc.
Description:
Provide a detailed description of the vulnerability.
Include relevant information to understand the context and nature of the issue.
Steps to Reproduce:
List the detailed steps to reproduce the vulnerability.
Ensure clarity and precision for the reviewing team to follow.
Example:
1. Go to the login page.
2. Enter ' OR '1'='1 in the username field.
3. Enter any value in the password field.
4. Submit the form and observe successful login.
Potential Impact:
Explain the potential impact and consequences of the vulnerability if exploited.
Example: "An attacker can gain unauthorized access to user accounts, compromising sensitive information."
Recommendation:
Provide suggestions for fixing the vulnerability.
Example: "Use prepared statements to prevent SQL Injection."
Screenshots:
Attach relevant screenshots to support your findings.
Include visual evidence of the vulnerability and steps to reproduce.
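The example report above pairs its reproduction steps with a prepared-statement recommendation. The sketch below is an added illustration, not part of the original guide or the platform's code. It replays the example's username input against a constructed in-memory SQLite table, first through a concatenated query and then through the recommended parameterized one. The table layout, function names, and query text are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed demo table; a real system stores salted password hashes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db


def login_vulnerable(db, username, password):
    # Flawed pattern the example report describes: user input is concatenated
    # into the SQL text, so quote characters change the query's structure.
    query = (
        "SELECT username FROM users WHERE password = '" + password
        + "' AND username = '" + username + "'"
    )
    return db.execute(query).fetchone() is not None


def login_parameterized(db, username, password):
    # Recommended fix: placeholders keep the input as data, never as SQL.
    row = db.execute(
        "SELECT username FROM users WHERE password = ? AND username = ?",
        (password, username),
    ).fetchone()
    return row is not None


def retest(db):
    """Run the example report's input through both code paths."""
    reported_input = "' OR '1'='1"  # username value from the example steps
    return {
        "vulnerable_accepts_reported_input":
            login_vulnerable(db, reported_input, "anything"),
        "fixed_accepts_reported_input":
            login_parameterized(db, reported_input, "anything"),
        "fixed_accepts_valid_login":
            login_parameterized(db, "alice", "correct-horse"),
    }


if __name__ == "__main__":
    for check, result in retest(make_db()).items():
        print(f"{check}: {result}")
```

A retest like this, attached to the Recommendation field, lets the reviewing team confirm both the finding and the proposed fix in one run.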
Guidelines:
Clarity: Ensure all information is clear and easy to understand.
Completeness: Provide all required details to avoid delays in the review process.
Accuracy: Verify all information before submission to prevent errors.
Common Issues and Solutions:
Incomplete Reports:
Double-check the report for all required details before submission.
Use the provided guidelines and examples as a reference.
Unclear Descriptions:
Be as descriptive as possible.
Include relevant technical details and context.
FAQs:
What if I am unsure about the severity level?
Provide your best assessment and mention any uncertainties in the description.
Can I update my report after submission?
Yes, you can update your report before it is reviewed. Contact support if you need assistance.
Contact Support:
If you encounter any issues, please reach out to our support team at support@comolho.com.