After finding a bug in any website or application, it’s necessary to write a report about it and submit it to the company with the required information and proof.
Here’s how you can write a perfect Bug Bounty Report.
→ Title is what the whole report is about. Here, “OTP Bypass Vulnerability” is the title of the report.
→ Summary is a brief introduction/explanation of the bug or vulnerability. Note that an effective summary can make an effective impact on the report ;)
An OTP (one-time password) is supposed to be secure, as it requires the user’s phone to receive it, but by exploiting this vulnerability the hacker won’t need the user’s mobile phone; he can just log into his victim’s account by getting the OTP through this exploit.
→ Description is a deep dive into the technical details of the bug, if it is complex or severe.
Step 1, Step 2, Step 3
→ This is a very important part of the report. By writing out step by step how to reproduce the bug, you are giving the company the assurance that you’ve done it and that it is a genuine bug. They can also reproduce the bug and, by understanding it, patch it.
→ Proof of Concept contains the proof of the bug: a screenshot or video of the vulnerability, which proves that this bug has been exploited by you.
→ The impact that this exploit can have on a business/website is usually described as High, Medium or Low. Here I wrote a high/severe impact level for the OTP bypass bug.
→ Finally, Mitigation. If you know how this bug can be fixed, you can write the possible solution here. It might earn you an extra bonus ;)