External Service Interaction - Bug Bounty?
I have found an external service interaction issue on a website that is listed in hacker one, I want to send a report, but, I'm not sure how to come up with a proof of concept to send to them. I have recently reported an external service interaction bug, but the company asked for a poc and I had no idea where to begin.
First of all I used burp suite pro active scanning to find the issue and then I used Collaborator to send of a valid dns payload to the server and I then after that I got a response, which is good so far.
What do I do next in order for my bug bounty to get approved?
And is showing them Burp Collaborator payload response enough?
Blake, we’d recomend contacting the bug bounty program and asking for clarification of their requirements.
If you need assistance verifying a Burp issue, you can send any relevant information to firstname.lastname@example.org.