Page 182 - Hands-On Bug Hunting for Penetration Testers
Chapter 10 - Formatting Your Report
Weak: Using the vulnerability, someone could attack the site's user community by putting a malicious script in a popular thread.

Stronger: An attacker could exploit the persistent XSS vulnerability by inserting a malicious JavaScript snippet into a comment on a popular thread that could steal admin account cookies by sending them to a listening server.
Notice that the second, stronger attack scenario is still succinct: keeping the scenario detailed but terse is important. It uses specific over generic terms (JavaScript versus script, comment on a popular thread versus in a popular thread, admin account cookies, and so on) and it enumerates a possible risk (steal admin account cookies) that's more than just vague hand-waving about a malicious script, representing a specific, damaging scenario. This scenario is also within the bounds of the bug's severity: XSS won't bring down the world's financial system like some rampaging sci-fi super-worm, but it can do great harm to individual users.
Example Submission Reports: Where to Look
We've written a sample report for each vulnerability we've discussed and used a few examples in this chapter to illustrate certain points. Hopefully, this has given you a firm foundation regarding what a report needs and how to write it.

But one of the best ways to learn to do anything is to model your practice after other successful researchers and to see their expertise in action rather than accept it as received wisdom. Read enough successful reports (that have earned a reward) and you begin to see the themes connecting them, and the practices underpinning those researchers' successful careers. Here are a few resources for seeing those examples: battle-tested reports that have won their authors acclaim and awards.