Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

External Service Interaction - Bug Bounty?

Blake Jacobs Feb 05, 2019 06:36AM UTC

I have found an external service interaction issue on a website that is listed in hacker one, I want to send a report, but, I'm not sure how to come up with a proof of concept to send to them. I have recently reported an external service interaction bug, but the company asked for a poc and I had no idea where to begin.

First of all I used burp suite pro active scanning to find the issue and then I used Collaborator to send of a valid dns payload to the server and I then after that I got a response, which is good so far.

But,

What do I do next in order for my bug bounty to get approved?
And is showing them Burp Collaborator payload response enough?


Liam Tai-Hogan Feb 06, 2019 11:53AM UTC Support Center agent

Blake, we’d recomend contacting the bug bounty program and asking for clarification of their requirements.

If you need assistance verifying a Burp issue, you can send any relevant information to support@portswigger.net.


Post Your public answer

Your name
Your email address
Answer