@GangGreenTemperTatum
Last active September 2, 2025 11:54
Sample Barebones BB Report

Summary

Executive summary


Background

Explain the application feature or functionality that is affected.


Business Impact

This vulnerability allows a malicious user to:

  • Example, explanation.
  • Example, explanation.
  • Example, explanation.
  • Example, explanation.

Proof of Concept

Example 1

Setup

For demonstration purposes, the following staff accounts were used:

Role     Email                        User A   User B
Admin    account1@bugcrowdninja.com   X
Normal   account2@bugcrowdninja.com            X

Steps - As user B (victim)

  1. Enable browser proxy intercept
  2. Sign into the application:

URI

  3. Click on the X button within the "Y" dialogue box

POST /path

  4. As the user, do X

<#image placeholder> <#image placeholder>

Steps - As user A (attacker)

  1. Enable browser proxy intercept
  2. Sign into the application:

URI

  3. Click on the X button within the "Y" dialogue box

POST /path

<#image placeholder>

  4. Before doing X, send the intercepted request to Replay/Repeater

POST /path

Original request:

POST /path HTTP/1.1
Host: example.com
User-Agent: PoC-Agent/1.0
Content-Type: application/json
Content-Length: 67

{
  "action": "doX",
  "target_id": "12345",
  "example": "value"
}

<#image placeholder>

  5. Edit the structure of the request. For this example, remove the body field "example" to demonstrate how the server handles a missing (or modified) parameter:

     original body:  {"action":"doX","target_id":"12345","example":"value"}
     modified body:  {"action":"doX","target_id":"12345"}

  6. Remove the following parameters from the request, together with their values:
   • example
  7. Send the request to Automate/Intruder; the final request should look like this:

Modified request:

POST /path HTTP/1.1
Host: example.com
User-Agent: PoC-Agent/1.0
Content-Type: application/json
Content-Length: 45

{
  "action": "doX",
  "target_id": "12345"
}

<#image placeholder>

  8. Send the request
  9. Observe the server response:

Server response:

HTTP/1.1 200 OK
content-type: application/json

 10. In the victim account, XYZ.

I've attached a full video PoC for your reference too - example

Note: Within the video PoC I already customized a dashboard as the victim.
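The replay steps above (send the captured request to Repeater, strip a parameter, resend, compare the response) can also be attached to a report as a small script so the triager can reproduce the result without a proxy. The script below is an added example and is not part of the gist; the host, path, body and header values are the placeholders from the request above, and the `session=...` cookie argument is assumed to be the attacker's own session taken from the proxy history. It rebuilds the request with the chosen parameter removed, recomputes Content-Length (the values shown in the template must match the actual body byte count, which Repeater does for you but a hand-pasted request will not), and summarises how the server treated the tampered request next to the original.

```python
# Added example: offline request-tampering helper for the PoC steps above.
# Host, path, body and session cookie are placeholders, not real targets.
from __future__ import annotations

import http.client
import json
from typing import Any, Iterable, Mapping

# Constructed sample data: the request captured in the PoC steps.
ORIGINAL_BODY = {"action": "doX", "target_id": "12345", "example": "value"}
BASE_HEADERS = {
    "Host": "example.com",
    "User-Agent": "PoC-Agent/1.0",
    "Content-Type": "application/json",
}


def strip_params(body: Mapping[str, Any], remove: Iterable[str]) -> dict:
    """Return a copy of the JSON body with the named parameters removed.

    Removing (rather than blanking) a field is the interesting case: a server
    that treats an absent field as "not supplied" may skip the check that the
    field normally triggers.
    """
    drop = set(remove)
    return {k: v for k, v in body.items() if k not in drop}


def build_raw_request(method: str, path: str, headers: Mapping[str, str],
                      body: Mapping[str, Any]) -> bytes:
    """Serialise an HTTP/1.1 request whose Content-Length matches the body.

    A stale Content-Length makes the server read too few or too many bytes,
    so a hand-edited request with the wrong value gives a meaningless result.
    """
    payload = json.dumps(body, indent=2).encode()
    head = [f"{method} {path} HTTP/1.1"]
    head += [f"{k}: {v}" for k, v in headers.items()]
    head.append(f"Content-Length: {len(payload)}")
    return "\r\n".join(head).encode() + b"\r\n\r\n" + payload


def content_length_of(raw: bytes) -> int:
    """Read back the Content-Length of a serialised request and check it."""
    head, _, body = raw.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            declared = int(value.strip())
            assert declared == len(body), "Content-Length does not match body"
            return declared
    raise ValueError("no Content-Length header")


def send(host: str, method: str, path: str, headers: Mapping[str, str],
         body: Mapping[str, Any], session_cookie: str,
         timeout: float = 10) -> tuple[int, str]:
    """Send one request as the attacker (live network call, not run offline).

    session_cookie is the attacker's own session string, e.g. "session=...",
    copied from the proxy history (assumed cookie name).
    """
    conn = http.client.HTTPSConnection(host, timeout=timeout)
    hdrs = {k: v for k, v in headers.items() if k.lower() != "host"}
    hdrs["Cookie"] = session_cookie
    conn.request(method, path, body=json.dumps(body), headers=hdrs)
    resp = conn.getresponse()
    return resp.status, resp.read().decode(errors="replace")


def verdict(orig: tuple[int, str], modified: tuple[int, str]) -> dict:
    """Summarise the two responses for the "Observe server response" step:
    status codes, whether the tampered request was accepted, and which JSON
    keys differ between the two response bodies."""
    def keys(text: str) -> set:
        try:
            parsed = json.loads(text)
        except ValueError:
            return set()
        return set(parsed) if isinstance(parsed, dict) else set()

    return {
        "original_status": orig[0],
        "modified_status": modified[0],
        "accepted_without_param": 200 <= modified[0] < 300,
        "keys_only_in_original": sorted(keys(orig[1]) - keys(modified[1])),
        "keys_only_in_modified": sorted(keys(modified[1]) - keys(orig[1])),
    }


if __name__ == "__main__":
    modified = strip_params(ORIGINAL_BODY, ["example"])
    print(build_raw_request("POST", "/path", BASE_HEADERS, ORIGINAL_BODY).decode())
    print(build_raw_request("POST", "/path", BASE_HEADERS, modified).decode())
    # Live replay against the real target (fill in host and session cookie):
    # orig = send("example.com", "POST", "/path", BASE_HEADERS, ORIGINAL_BODY, "session=...")
    # mod = send("example.com", "POST", "/path", BASE_HEADERS, modified, "session=...")
    # print(json.dumps(verdict(orig, mod), indent=2))
```

Run it as-is to print both raw requests with correct lengths; uncomment the live-replay lines only against an in-scope target with the attacker's own session. Paste the printed `verdict` dictionary, together with the two raw requests, into the "Server response" step so the triager sees exactly what was accepted.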


References


Mitigation Recommendations

  1. Example
    Example