diff --git a/submissions/description/automotive_security_misconfiguration/infotainment_radio_head_unit/default_credentials/template.md b/submissions/description/automotive_security_misconfiguration/infotainment_radio_head_unit/default_credentials/template.md index b6819158..a902e604 100644 --- a/submissions/description/automotive_security_misconfiguration/infotainment_radio_head_unit/default_credentials/template.md +++ b/submissions/description/automotive_security_misconfiguration/infotainment_radio_head_unit/default_credentials/template.md @@ -8,7 +8,7 @@ Default credentials in the IVI system can result in reputational damage and indi 1. Port scan the IVI unit by leveraging {{application}} and {{hardware}} 1. Bruteforce default credentials on exposed service(s) -1. Login to service(s) and run {{action}} +1. Log in to service(s) and run {{action}} 1. Observe that {{action}} occurs as a result **Proof of Concept (PoC)** diff --git a/submissions/description/broken_access_control/exposed_sensitive_android_intent/template.md b/submissions/description/broken_access_control/exposed_sensitive_android_intent/template.md index f85e1125..81fe3d70 100644 --- a/submissions/description/broken_access_control/exposed_sensitive_android_intent/template.md +++ b/submissions/description/broken_access_control/exposed_sensitive_android_intent/template.md @@ -9,7 +9,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP 1. Use a browser to navigate to: {{URL}} -1. Login to an account that should not be able to perform {{action}} +1. Log in to an account that should not be able to perform {{action}} 1. Forward the following request to the endpoint: ```HTTP 
@@ -20,6 +20,6 @@ This vulnerability can lead to reputational damage and indirect financial loss t **Proof of Concept (PoC)** -The screenshot below demonstrates the broken access control: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/broken_access_control/exposed_sensitive_ios_url_scheme/template.md b/submissions/description/broken_access_control/exposed_sensitive_ios_url_scheme/template.md index 780216c5..ef6be7ff 100644 --- a/submissions/description/broken_access_control/exposed_sensitive_ios_url_scheme/template.md +++ b/submissions/description/broken_access_control/exposed_sensitive_ios_url_scheme/template.md @@ -10,7 +10,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP 1. Use a browser to navigate to: {{URL}} -1. Login to an account that should not be able to perform {{action}} +1. Log in to an account that should not be able to perform {{action}} 1. Forward the following request to the endpoint: ```HTTP @@ -21,6 +21,6 @@ This vulnerability can lead to reputational damage and indirect financial loss t **Proof of Concept (PoC)** -The screenshot below demonstrates the broken access control: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/broken_access_control/idor/modify_sensitive_information_iterable_object_identifiers/template.md b/submissions/description/broken_access_control/idor/modify_sensitive_information_iterable_object_identifiers/template.md index 63d89795..399d45fc 100644 --- a/submissions/description/broken_access_control/idor/modify_sensitive_information_iterable_object_identifiers/template.md +++ b/submissions/description/broken_access_control/idor/modify_sensitive_information_iterable_object_identifiers/template.md 
@@ -7,7 +7,7 @@ IDOR can lead to reputational damage for the business through the impact to cust **Steps to Reproduce** 1. Use a browser to navigate to: {{URL}} -1. Login to User Account A +1. Log in to User Account A 1. In the URL bar, modify the parameter to a different value: {{eg.}} diff --git a/submissions/description/broken_access_control/idor/modify_view_sensitive_information_guid/template.md b/submissions/description/broken_access_control/idor/modify_view_sensitive_information_guid/template.md index c67dff78..0bbccaab 100644 --- a/submissions/description/broken_access_control/idor/modify_view_sensitive_information_guid/template.md +++ b/submissions/description/broken_access_control/idor/modify_view_sensitive_information_guid/template.md @@ -7,7 +7,7 @@ IDOR can lead to reputational damage for the business through the impact to cust **Steps to Reproduce** 1. Use a browser to navigate to: {{URL}} -1. Login to User Account A +1. Log in to User Account A 1. In the URL bar, modify the parameter to a different value: {{eg.}} diff --git a/submissions/description/broken_access_control/idor/modify_view_sensitive_information_iterable_object_identifiers/template.md b/submissions/description/broken_access_control/idor/modify_view_sensitive_information_iterable_object_identifiers/template.md index 23ea7269..31ea1fe1 100644 --- a/submissions/description/broken_access_control/idor/modify_view_sensitive_information_iterable_object_identifiers/template.md +++ b/submissions/description/broken_access_control/idor/modify_view_sensitive_information_iterable_object_identifiers/template.md @@ -7,7 +7,7 @@ IDOR can lead to reputational damage for the business through the impact to cust **Steps to Reproduce** 1. Use a browser to navigate to: {{URL}} -1. Login to User Account A +1. Log in to User Account A 1. In the URL bar, modify the parameter to a different value: {{eg.}} 
diff --git a/submissions/description/broken_access_control/idor/template.md b/submissions/description/broken_access_control/idor/template.md index b21ed7c4..9a6e7644 100644 --- a/submissions/description/broken_access_control/idor/template.md +++ b/submissions/description/broken_access_control/idor/template.md @@ -7,7 +7,7 @@ IDOR can lead to indirect financial loss through an attacker accessing, deleting **Steps to Reproduce** 1. Use a browser to navigate to: {{URL}} -1. Login to User Account A +1. Log in to User Account A 1. In the URL bar, modify the parameter to a different value: {{eg.}} diff --git a/submissions/description/broken_access_control/idor/view_non_sensitive_information/template.md b/submissions/description/broken_access_control/idor/view_non_sensitive_information/template.md index f530a2fe..c2061419 100644 --- a/submissions/description/broken_access_control/idor/view_non_sensitive_information/template.md +++ b/submissions/description/broken_access_control/idor/view_non_sensitive_information/template.md @@ -7,7 +7,7 @@ IDOR can result in reputational damage for the business through the impact to cu **Steps to Reproduce** 1. Use a browser to navigate to: {{URL}} -1. Login to User Account A +1. Log in to User Account A 1. In the URL bar, modify the parameter to a different value: {{eg.}} diff --git a/submissions/description/broken_access_control/idor/view_sensitive_information_iterable_object_identifiers/template.md b/submissions/description/broken_access_control/idor/view_sensitive_information_iterable_object_identifiers/template.md index 9b11a6e2..1636cff6 100644 --- a/submissions/description/broken_access_control/idor/view_sensitive_information_iterable_object_identifiers/template.md +++ b/submissions/description/broken_access_control/idor/view_sensitive_information_iterable_object_identifiers/template.md 
@@ -7,7 +7,7 @@ IDOR can lead to reputational damage for the business through the impact to cust **Steps to Reproduce** 1. Use a browser to navigate to: {{URL}} -1. Login to User Account A +1. Log in to User Account A 1. In the URL bar, modify the parameter to a different value: {{eg.}} diff --git a/submissions/description/broken_access_control/privilege_escalation/template.md b/submissions/description/broken_access_control/privilege_escalation/template.md index cf136231..9061d8e2 100644 --- a/submissions/description/broken_access_control/privilege_escalation/template.md +++ b/submissions/description/broken_access_control/privilege_escalation/template.md @@ -8,7 +8,7 @@ The impact of this vulnerability can vary in severity depending on the degree of 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP 1. Use a browser to navigate to: {{URL}} -1. Login to User Account A +1. Log in to User Account A 1. Using the HTTP interception proxy, forward the following request to the endpoint: ```HTTP diff --git a/submissions/description/broken_access_control/template.md b/submissions/description/broken_access_control/template.md index 7fe684a8..fddc34d3 100644 --- a/submissions/description/broken_access_control/template.md +++ b/submissions/description/broken_access_control/template.md @@ -8,7 +8,7 @@ Broken access controls can lead to financial loss through an attacker accessing, 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP 1. Use a browser to navigate to: {{URL}} -1. Login to an account that should not be able to perform {{action}} +1. Log in to an account that should not be able to perform {{action}} 1. Forward the following request to the endpoint: ```HTTP 
@@ -19,6 +19,6 @@ Broken access controls can lead to financial loss through an attacker accessing, **Proof of Concept (PoC)** -The screenshot below demonstrates the broken access control: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/broken_authentication_and_session_management/authentication_bypass/template.md b/submissions/description/broken_authentication_and_session_management/authentication_bypass/template.md index 33a7ef5e..46211852 100644 --- a/submissions/description/broken_authentication_and_session_management/authentication_bypass/template.md +++ b/submissions/description/broken_authentication_and_session_management/authentication_bypass/template.md @@ -8,14 +8,12 @@ Authentication bypass can lead to data loss or theft through an attacker's acces **Steps to Reproduce** -1. Navigate to: {{URL}} and login as a regular user +1. Navigate to: {{URL}} and log in as a regular user 1. In the URL, change the `/user` to `/user/administrator` 1. Observe that the application now allows the user to view other user's profile details. These actions are usually restricted to an authenticated user **Proof of Concept (PoC)** -The following image(s) show the full exploit: - -{{screenshot}} - -An attacker can bypass authentication or break session management to access the application's data. +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/broken_authentication_and_session_management/concurrent_logins/template.md b/submissions/description/broken_authentication_and_session_management/concurrent_logins/template.md index af6e537a..c79ee263 100644 --- a/submissions/description/broken_authentication_and_session_management/concurrent_logins/template.md +++ b/submissions/description/broken_authentication_and_session_management/concurrent_logins/template.md 
@@ -7,12 +7,12 @@ This vulnerability can lead to reputational damage and indirect financial loss t **Steps to Reproduce** 1. Use a browser to navigate to: {{URL}} -1. Login to the application -1. Using an incognito tab or another browser, login using the same credentials +1. Log in to the application +1. Using an incognito tab or another browser, log in using the same credentials 1. Observe that both sessions remain valid **Proof of Concept (PoC)** -The screenshots below show the concurrent logins: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/broken_authentication_and_session_management/failure_to_invalidate_session/all_sessions/template.md b/submissions/description/broken_authentication_and_session_management/failure_to_invalidate_session/all_sessions/template.md index 97f7b1f7..df71f054 100644 --- a/submissions/description/broken_authentication_and_session_management/failure_to_invalidate_session/all_sessions/template.md +++ b/submissions/description/broken_authentication_and_session_management/failure_to_invalidate_session/all_sessions/template.md @@ -10,14 +10,14 @@ This vulnerability can lead to reputational damage and indirect financial loss t 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP 1. Use a browser to navigate to: {{URL}} -1. Sign into a user’s account +1. Log in to a user’s account 1. Capture any authenticated request -1. Logout of the application +1. Log out of the application 1. Replay the request using the HTTP interception proxy 1. Observe that the application responds to the request **Proof of Concept (PoC)** -The screenshot below shows the the application failing to invalidate the session: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} 
diff --git a/submissions/description/broken_authentication_and_session_management/failure_to_invalidate_session/on_email_change/template.md b/submissions/description/broken_authentication_and_session_management/failure_to_invalidate_session/on_email_change/template.md index f9caacf1..76bd23e1 100644 --- a/submissions/description/broken_authentication_and_session_management/failure_to_invalidate_session/on_email_change/template.md +++ b/submissions/description/broken_authentication_and_session_management/failure_to_invalidate_session/on_email_change/template.md @@ -10,15 +10,15 @@ This vulnerability can lead to reputational damage and indirect financial loss t 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP 1. Use a browser to navigate to: {{URL}} -1. Sign into a user’s account +1. Log in to a user’s account 1. Capture any authenticated request 1. Change the email address associated with the account -1. Logout of the application +1. Log out of the application 1. Replay the request using the HTTP interception proxy 1. Observe that the application responds to the request **Proof of Concept (PoC)** -The screenshot below shows the the application failing to invalidate the session: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/broken_authentication_and_session_management/session_fixation/remote_attack_vector/template.md b/submissions/description/broken_authentication_and_session_management/session_fixation/remote_attack_vector/template.md index b2932317..8384f481 100644 --- a/submissions/description/broken_authentication_and_session_management/session_fixation/remote_attack_vector/template.md +++ b/submissions/description/broken_authentication_and_session_management/session_fixation/remote_attack_vector/template.md 
@@ -8,15 +8,15 @@ This vulnerability could lead to data theft through the attacker’s ability to 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP 1. Use a browser to navigate to: {{URL}} -1. Sign into a user’s account +1. Log in to a user’s account 1. Perform {{action}} to see the session token in the URL or form field: {{screenshot}} -1. Perform {{action}} to send the request in an incognito browser and login using the same user credentials +1. Perform {{action}} to send the request in an incognito browser and log in using the same user credentials **Proof of Concept (PoC)** -The screenshot(s) below shows the full exploit: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/cross_site_request_forgery_csrf/action_specific/template.md b/submissions/description/cross_site_request_forgery_csrf/action_specific/template.md index 9b9fc686..fba0a65c 100644 --- a/submissions/description/cross_site_request_forgery_csrf/action_specific/template.md +++ b/submissions/description/cross_site_request_forgery_csrf/action_specific/template.md @@ -11,7 +11,7 @@ CSRF could lead to data theft through the attacker’s ability to manipulate dat **Steps to Reproduce** 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to login to the application at: {{URL}} +1. Use a browser to log in to the application at: {{URL}} 1. Navigate to the following URL and submit the form: {{URL}} 1. Use the HTTP interception proxy to intercept the request triggered by the form 1. Modify the request with the following CSRF POC code: diff --git a/submissions/description/cross_site_scripting_xss/cookie_based/template.md b/submissions/description/cross_site_scripting_xss/cookie_based/template.md index 46bf76a7..858a3c1f 100644 --- a/submissions/description/cross_site_scripting_xss/cookie_based/template.md 
+++ b/submissions/description/cross_site_scripting_xss/cookie_based/template.md @@ -9,7 +9,7 @@ XSS could lead to data theft through the attacker’s ability to manipulate data **Steps to Reproduce** 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to navigate to the following URL and login: {{URL}} +1. Use a browser to navigate to the following URL and log in: {{URL}} 1. Update the local storage on your browser to contain the cookie: {{parameter}} 1. Forward the following request to the endpoint: @@ -21,6 +21,6 @@ XSS could lead to data theft through the attacker’s ability to manipulate data **Proof of Concept (PoC)** -Below is a screenshot demonstrating the injected JavaScript executing: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/cross_site_scripting_xss/flash_based/template.md b/submissions/description/cross_site_scripting_xss/flash_based/template.md index b31306da..96577b40 100644 --- a/submissions/description/cross_site_scripting_xss/flash_based/template.md +++ b/submissions/description/cross_site_scripting_xss/flash_based/template.md @@ -9,7 +9,7 @@ Flash-based XSS could lead to data theft through the attacker’s ability to man **Steps to Reproduce** 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to navigate to the following URL and login: {{URL}} +1. Use a browser to navigate to the following URL and log in: {{URL}} 1. Upload the following flash file: {{.SWF}} 1. Forward the following request to the endpoint: @@ -21,6 +21,6 @@ Flash-based XSS could lead to data theft through the attacker’s ability to man **Proof of Concept (PoC)** -Below is a screenshot demonstrating the injected JavaScript executing: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} 
diff --git a/submissions/description/cross_site_scripting_xss/reflected/self/template.md b/submissions/description/cross_site_scripting_xss/reflected/self/template.md index 1ffd790f..667284f3 100644 --- a/submissions/description/cross_site_scripting_xss/reflected/self/template.md +++ b/submissions/description/cross_site_scripting_xss/reflected/self/template.md @@ -9,7 +9,7 @@ Self-reflected XSS could lead to data theft through the attacker’s ability to **Steps to Reproduce** 1. Use a browser to navigate to: {{URL}} -1. Login as a user +1. Log in as a user 1. Insert the following JavaScript payload: ```JavaScript diff --git a/submissions/description/cross_site_scripting_xss/stored/non_admin_to_anyone/template.md b/submissions/description/cross_site_scripting_xss/stored/non_admin_to_anyone/template.md index eda4d4a4..76d00ccf 100644 --- a/submissions/description/cross_site_scripting_xss/stored/non_admin_to_anyone/template.md +++ b/submissions/description/cross_site_scripting_xss/stored/non_admin_to_anyone/template.md @@ -18,12 +18,12 @@ Stored XSS could lead to data theft through the attacker’s ability to manipula {{request}} ``` -1. Log into a privileged account (User A) and navigate to {{url}} which contains the payload +1. Log in to a privileged account (User A) and navigate to {{url}} which contains the payload 1. Observe the JavaScript payload being executed, capturing the cookies of User A -1. Logout of User A’s account +1. Log out of User A’s account **Proof of Concept (PoC)** -Below is a screenshot demonstrating the injected JavaScript executing at the vulnerable endpoint, {{URL}}: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/cross_site_scripting_xss/stored/self/template.md b/submissions/description/cross_site_scripting_xss/stored/self/template.md index 512a3f7c..edef3768 100644 --- a/submissions/description/cross_site_scripting_xss/stored/self/template.md 
+++ b/submissions/description/cross_site_scripting_xss/stored/self/template.md @@ -9,7 +9,7 @@ Self-stored XSS could lead to data theft through the attacker’s ability to man **Steps to Reproduce** 1. Use a browser to navigate to: {{URL}} -1. Login as a user +1. Log in as a user 1. Insert the following JavaScript payload: ```JavaScript diff --git a/submissions/description/external_behavior/browser_feature/autocomplete_enabled/template.md b/submissions/description/external_behavior/browser_feature/autocomplete_enabled/template.md index d578a502..ab7b20c8 100644 --- a/submissions/description/external_behavior/browser_feature/autocomplete_enabled/template.md +++ b/submissions/description/external_behavior/browser_feature/autocomplete_enabled/template.md @@ -1,4 +1,4 @@ -Browsers implement features such as autocomplete to offer form filling features for end users. Autocomplete is an HTML attribute that saves previously entered text within the input Document Object Model (DOM) fields. An attacker can leverage the cached input for this application locally to login as a user or expose critical pieces of data. +Browsers implement features such as autocomplete to offer form filling features for end users. Autocomplete is an HTML attribute that saves previously entered text within the input Document Object Model (DOM) fields. An attacker can leverage the cached input for this application locally to log in as a user or expose critical pieces of data. **Business Impact** @@ -13,6 +13,6 @@ This vulnerability can lead to reputational damage and indirect financial loss t **Proof of Concept (PoC)** -The screenshots below demonstrate the autocomplete enabled: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/external_behavior/browser_feature/autocorrect_enabled/template.md b/submissions/description/external_behavior/browser_feature/autocorrect_enabled/template.md index 241a79a8..9c6f64f1 100644 
--- a/submissions/description/external_behavior/browser_feature/autocorrect_enabled/template.md +++ b/submissions/description/external_behavior/browser_feature/autocorrect_enabled/template.md @@ -1,4 +1,4 @@ -Browsers implement features such as autocorrect to offer predictive spelling and grammar features for end users. The applications implementation of autocorrect for sensitive fields can enable an attacker with local access to login as a user, or leverage critical pieces of information to impersonate the user or make requests on their behalf. +Browsers implement features such as autocorrect to offer predictive spelling and grammar features for end users. The applications implementation of autocorrect for sensitive fields can enable an attacker with local access to log in as a user, or leverage critical pieces of information to impersonate the user or make requests on their behalf. **Business Impact** @@ -14,6 +14,6 @@ This vulnerability can lead to reputational damage and indirect financial loss t **Proof of Concept (PoC)** -The screenshots below demonstrate the autocorrect enabled on a sensitive field: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/external_behavior/browser_feature/plaintext_password_field/template.md b/submissions/description/external_behavior/browser_feature/plaintext_password_field/template.md index 374375c9..47d5cf3d 100644 --- a/submissions/description/external_behavior/browser_feature/plaintext_password_field/template.md +++ b/submissions/description/external_behavior/browser_feature/plaintext_password_field/template.md 
@@ -1,4 +1,4 @@ -The password field for the login form of the application reveals the password in plaintext. An attacker with local access can shoulder surf or otherwise tailgate a user and watch them login to the application. From here, an attacker could login as a user to impersonate them or make requests on their behalf. +The password field for the login form of the application reveals the password in plaintext. An attacker with local access can shoulder surf or otherwise tailgate a user and watch them log in to the application. From here, an attacker could log in as a user to impersonate them or make requests on their behalf. **Business Impact** @@ -14,6 +14,6 @@ This vulnerability can lead to reputational damage and indirect financial loss t **Proof of Concept (PoC)** -The screenshots below demonstrate the password field rendering in plaintext: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/external_behavior/browser_feature/save_password/template.md b/submissions/description/external_behavior/browser_feature/save_password/template.md index affd8216..7ec59fdb 100644 --- a/submissions/description/external_behavior/browser_feature/save_password/template.md +++ b/submissions/description/external_behavior/browser_feature/save_password/template.md @@ -8,11 +8,11 @@ This vulnerability can lead to reputational damage and indirect financial loss t 1. Use a browser to navigate to: {{URL}} 1. Enter username and password within the login form and submit -1. Logout of application and navigate back to the login page +1. Log out of application and navigate back to the login page 1. Observe that the username and password is saved **Proof of Concept (PoC)** -The screenshots below demonstrate the password saved in the input field: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} 
diff --git a/submissions/description/external_behavior/user_password_persisted_in_memory/template.md b/submissions/description/external_behavior/user_password_persisted_in_memory/template.md index 2696aefa..6980bfce 100644 --- a/submissions/description/external_behavior/user_password_persisted_in_memory/template.md +++ b/submissions/description/external_behavior/user_password_persisted_in_memory/template.md @@ -1,4 +1,4 @@ -The user’s password is kept in memory after the application has ceased utilizing it. An attacker can abuse this to read the user password in memory and login as the user, impersonate them, or make requests on their behalf. +The user’s password is kept in memory after the application has ceased utilizing it. An attacker can abuse this to read the user password in memory and log in as the user, impersonate them, or make requests on their behalf. **Business Impact** @@ -14,6 +14,6 @@ This vulnerability can lead to reputational damage for the business due to a los **Proof of Concept (PoC)** -You can observe the plaintext password that remained in memory after utilization below: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/insecure_data_storage/non_sensitive_application_data_stored_unencrypted/template.md b/submissions/description/insecure_data_storage/non_sensitive_application_data_stored_unencrypted/template.md index 612cf635..6a0668a9 100644 --- a/submissions/description/insecure_data_storage/non_sensitive_application_data_stored_unencrypted/template.md +++ b/submissions/description/insecure_data_storage/non_sensitive_application_data_stored_unencrypted/template.md 
@@ -6,13 +6,13 @@ This vulnerability can lead to reputational damage and indirect financial loss t **Steps to Reproduce** -1. Login to the application and input data so that it is stored by the application +1. Log in to the application and input data so that it is stored by the application 1. Navigate to where the application stores the gathered information 1. Navigate to the following URL: {{URL}} 1. Observe the application data that is stored unencrypted **Proof of Concept (PoC)** -The screenshots below demonstrate the insecure data storage: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/insecure_data_storage/sensitive_application_data_stored_unencrypted/on_external_storage/template.md b/submissions/description/insecure_data_storage/sensitive_application_data_stored_unencrypted/on_external_storage/template.md index c2e465d5..9e6781e6 100644 --- a/submissions/description/insecure_data_storage/sensitive_application_data_stored_unencrypted/on_external_storage/template.md +++ b/submissions/description/insecure_data_storage/sensitive_application_data_stored_unencrypted/on_external_storage/template.md @@ -6,12 +6,12 @@ This vulnerability can lead to reputational damage and indirect financial loss t **Steps to Reproduce** -1. Login to the application and input personal, sensitive data so that it is stored by the application +1. Log in to the application and input personal, sensitive data so that it is stored by the application 1. Navigate to where the application stores the gathered information 1. Observe the sensitive application data that is stored unencrypted **Proof of Concept (PoC)** -The screenshots below demonstrate the insecure data storage: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} 
diff --git a/submissions/description/insecure_data_storage/sensitive_application_data_stored_unencrypted/on_internal_storage/template.md b/submissions/description/insecure_data_storage/sensitive_application_data_stored_unencrypted/on_internal_storage/template.md index 089a10f6..d67aee54 100644 --- a/submissions/description/insecure_data_storage/sensitive_application_data_stored_unencrypted/on_internal_storage/template.md +++ b/submissions/description/insecure_data_storage/sensitive_application_data_stored_unencrypted/on_internal_storage/template.md @@ -6,12 +6,12 @@ This vulnerability can lead to reputational damage and indirect financial loss t **Steps to Reproduce** -1. Login to the application and input personal, sensitive data so that it is stored by the application +1. Log in to the application and input personal, sensitive data so that it is stored by the application 1. Navigate to where the application stores the gathered information 1. Observe the sensitive application data that is stored unencrypted **Proof of Concept (PoC)** -The screenshots below demonstrate the insecure data storage: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/insecure_data_storage/sensitive_application_data_stored_unencrypted/template.md b/submissions/description/insecure_data_storage/sensitive_application_data_stored_unencrypted/template.md index 0505b069..d61de3e6 100644 --- a/submissions/description/insecure_data_storage/sensitive_application_data_stored_unencrypted/template.md +++ b/submissions/description/insecure_data_storage/sensitive_application_data_stored_unencrypted/template.md 
@@ -6,12 +6,12 @@ This vulnerability can lead to reputational damage and indirect financial loss t **Steps to Reproduce** -1. Login to the application and input personal, sensitive data so that it is stored by the application +1. Log in to the application and input personal, sensitive data so that it is stored by the application 1. Navigate to where the application stores the gathered information 1. Observe the sensitive application data that is stored unencrypted **Proof of Concept (PoC)** -The screenshots below demonstrate the insecure data storage: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/insecure_data_storage/template.md b/submissions/description/insecure_data_storage/template.md index 9458dd56..5ce49b8d 100644 --- a/submissions/description/insecure_data_storage/template.md +++ b/submissions/description/insecure_data_storage/template.md @@ -6,13 +6,13 @@ This vulnerability can lead to reputational damage and indirect financial loss t **Steps to Reproduce** -1. Login to the application and input data so that it is stored by the application +1. Log in to the application and input data so that it is stored by the application 1. Navigate to where the application stores the gathered information 1. Navigate to the following URL: {{URL}} 1. Observe the application data that is stored unencrypted **Proof of Concept (PoC)** -The screenshots below demonstrate the insecure data storage: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/insecure_os_firmware/poorly_configured_operating_system_security/template.md b/submissions/description/insecure_os_firmware/poorly_configured_operating_system_security/template.md index 8df340ab..c802b495 100644 --- a/submissions/description/insecure_os_firmware/poorly_configured_operating_system_security/template.md 
+++ b/submissions/description/insecure_os_firmware/poorly_configured_operating_system_security/template.md @@ -6,7 +6,7 @@ The inadequate security configuration of the operating system can lead to signif **Steps to Reproduce** -1. Power on the device and login, then open the settings menu. +1. Power on the device and log in, then open the settings menu. 2. You'll see issues which deviate from hardening recommendations, including unnecessary services running, default passwords unchanged, or insufficient access controls. **Proof of Concept (PoC)** diff --git a/submissions/description/insufficient_security_configurability/lack_of_notification_email/template.md b/submissions/description/insufficient_security_configurability/lack_of_notification_email/template.md index 955d3d93..cb611e29 100644 --- a/submissions/description/insufficient_security_configurability/lack_of_notification_email/template.md +++ b/submissions/description/insufficient_security_configurability/lack_of_notification_email/template.md @@ -6,7 +6,7 @@ A lack of a notification email upon important account changes as a single vulner **Steps to Reproduce** -1. Use a browser to login to a valid account and navigate to: {{URL}} +1. Use a browser to log in to a valid account and navigate to: {{URL}} 1. Modify an account variable, such as the password or username 1. Observe that no notification email is sent to the associated account email address to notify the owner of the change diff --git a/submissions/description/insufficient_security_configurability/no_password_policy/template.md b/submissions/description/insufficient_security_configurability/no_password_policy/template.md index 1d66782a..745634da 100644 --- a/submissions/description/insufficient_security_configurability/no_password_policy/template.md +++ b/submissions/description/insufficient_security_configurability/no_password_policy/template.md 
@@ -7,11 +7,11 @@ Having no password policy can result in reputational damage for the business thr **Steps to Reproduce** 1. Use a browser to navigate to: {{URL}} -1. Attempt to login +1. Attempt to log in 1. Observe that the application allows the use of weak passwords, such as `a` **Proof of Concept (PoC)** -The following screenshot shows that there is no password policy: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/insufficient_security_configurability/password_policy_bypass/template.md b/submissions/description/insufficient_security_configurability/password_policy_bypass/template.md index 91d43f64..b124328f 100644 --- a/submissions/description/insufficient_security_configurability/password_policy_bypass/template.md +++ b/submissions/description/insufficient_security_configurability/password_policy_bypass/template.md @@ -7,7 +7,7 @@ Having a password policy bypass present within the application can result in rep **Steps to Reproduce** 1. Use a browser to navigate to: {{URL}} -1. Attempt to login +1. Attempt to log in 1. Observe that modifying the following parameter allows a user to bypass the password policy of the application: ​​{{parameter}} diff --git a/submissions/description/insufficient_security_configurability/template.md b/submissions/description/insufficient_security_configurability/template.md index 59b402e8..30da7c5a 100644 --- a/submissions/description/insufficient_security_configurability/template.md +++ b/submissions/description/insufficient_security_configurability/template.md 
@@ -6,11 +6,11 @@ This vulnerability can lead to reputational damage and indirect financial loss t **Steps to Reproduce** -1. Login to the application at: {{url}} +1. Log in to the application at: {{url}} 2. Perform {{action}} and observe that the security configuration is weak **Proof of Concept (PoC)** -The screenshot(s) below demonstrates the vulnerability: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/insufficient_security_configurability/verification_of_contact_method_not_required/template.md b/submissions/description/insufficient_security_configurability/verification_of_contact_method_not_required/template.md index 56ba2060..e8098ce9 100644 --- a/submissions/description/insufficient_security_configurability/verification_of_contact_method_not_required/template.md +++ b/submissions/description/insufficient_security_configurability/verification_of_contact_method_not_required/template.md @@ -6,12 +6,12 @@ A lack of a verification email for an updated contact method can result in reput **Steps to Reproduce** -1. Use a browser to login to a valid account and navigate to: {{URL}} +1. Use a browser to log in to a valid account and navigate to: {{URL}} 1. Modify a contact method of the account, such as the phone number of email address 1. Observe that no verification email is sent to the new contact method before it is associated with the account **Proof of Concept (PoC)** -The lack of notification email can be seen below below:: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/insufficient_security_configurability/weak_password_policy/template.md b/submissions/description/insufficient_security_configurability/weak_password_policy/template.md index a579136f..9b86381d 100644 --- a/submissions/description/insufficient_security_configurability/weak_password_policy/template.md 
+++ b/submissions/description/insufficient_security_configurability/weak_password_policy/template.md @@ -7,11 +7,11 @@ Having a weak password policy can result in reputational damage for the business **Steps to Reproduce** 1. Use a browser to navigate to: {{URL}} -1. Attempt to login +1. Attempt to log in 1. Observe that the application allows the use of weak passwords **Proof of Concept (PoC)** -The following screenshot shows the weak password policy: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/template.md b/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/template.md index e4e3146d..0f20401d 100644 --- a/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/template.md +++ b/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/template.md @@ -7,7 +7,7 @@ Weak password reset implementation could lead to data theft from the attacker’ **Steps to Reproduce** 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to login to a valid account and navigate to: {{URL}} +1. Use a browser to log in to a valid account and navigate to: {{URL}} 1. Click on the reset link 1. Capture the request using the HTTP interception proxy 1. Observe the weakness in the password reset implementation diff --git a/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_email_change/template.md b/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_email_change/template.md index b3c8d0e5..da200fd2 100644 
--- a/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_email_change/template.md +++ b/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_email_change/template.md @@ -8,7 +8,7 @@ If an attacker successfully takes over an account by capturing a password reset **Steps to Reproduce** -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Initiate a password reset 1. Navigate to the following URL and modify the account email address 1. Observe that the password reset token that was received in the earlier step is still valid diff --git a/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_login/template.md b/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_login/template.md index 57358d67..a57314f3 100644 --- a/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_login/template.md +++ b/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_login/template.md 
@@ -1,6 +1,6 @@ The password reset implementation needs to involve a unique, temporary high-entropy token that has a short expiry and can only be used once. When these conditions are not met, the password reset implementation is considered weak. This diminishes the strength of the overall authentication process for the application and can lead to account takeover. -The application does not invalidate the password reset token after the user successfully resets their password and login to the application. If an attacker were to gain access to the system used to store the reset token, they could use this unused token to reset the user's password and gain access to the account. +The application does not invalidate the password reset token after the user successfully resets their password and logs in to the application. If an attacker were to gain access to the system used to store the reset token, they could use this unused token to reset the user's password and gain access to the account. **Business Impact** @@ -10,13 +10,13 @@ If an attacker successfully takes over an account by capturing a password reset **Steps to Reproduce** -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Initiate a password reset -1. Login to the application with the new password +1. Log in to the application with the new password 1. Observe that the password reset token that was received in the earlier step is still valid **Proof of Concept (PoC)** -The following screenshot shows that the password reset token is not invalidated after login below: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} 
diff --git a/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_new_token_is_requested/template.md b/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_new_token_is_requested/template.md index 36285565..75e61f65 100644 --- a/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_new_token_is_requested/template.md +++ b/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_new_token_is_requested/template.md @@ -10,7 +10,7 @@ If an attacker successfully takes over an account by capturing a password reset **Steps to Reproduce** -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Initiate a password reset (request_1) 1. Initiate a password reset (request_2) 1. Open the received request_1 and observe that the password reset token is still valid diff --git a/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_password_change/template.md b/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_password_change/template.md index 00acb1d7..f7ee85bd 100644 --- a/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_password_change/template.md +++ b/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_password_change/template.md 
@@ -10,7 +10,7 @@ If an attacker successfully takes over an account by capturing a password reset **Steps to Reproduce** -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Initiate a password reset 1. Modify the password for the account 1. Observe that the password reset token received earlier is still valid diff --git a/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_use/template.md b/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_use/template.md index 0d9e1eed..28b1a0d0 100644 --- a/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_use/template.md +++ b/submissions/description/insufficient_security_configurability/weak_password_reset_implementation/token_is_not_invalidated_after_use/template.md @@ -10,7 +10,7 @@ If an attacker successfully takes over an account by capturing a password reset **Steps to Reproduce** -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Initiate a password reset 1. Utilize the password reset token received to reset the password 1. Observe that the password reset token received earlier is still valid after being used diff --git a/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/missing_failsafe/template.md b/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/missing_failsafe/template.md index a592b5b7..35f381df 100644 --- a/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/missing_failsafe/template.md +++ b/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/missing_failsafe/template.md 
@@ -6,12 +6,12 @@ This vulnerability can lead to reputational damage and indirect financial loss t **Steps to Reproduce** -1. Login to the application at: {{url}} +1. Log in to the application at: {{url}} 1. Navigate to the 2FA registration page at: {{url}} 1. Register for 2FA, and observe that the implementation provides no failsafe login methods, such as offline backup codes **Proof of Concept (PoC)** -The screenshot(s) below demonstrates the missing 2FA failsafe: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/old_two_fa_code_is_not_invalidated_after_new_code_is_generated/template.md b/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/old_two_fa_code_is_not_invalidated_after_new_code_is_generated/template.md index 668f39af..fead858e 100644 --- a/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/old_two_fa_code_is_not_invalidated_after_new_code_is_generated/template.md +++ b/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/old_two_fa_code_is_not_invalidated_after_new_code_is_generated/template.md 
@@ -6,14 +6,14 @@ This vulnerability can lead to reputational damage and indirect financial loss t **Steps to Reproduce** -1. Login to the application at: {{url}} -1. When the 2FA step of the login is reached, request a code +1. Log in to the application at: {{url}} +1. When the 2FA step of the log in flow is reached, request a code 1. When the first code is received, request a new code and verify that the second code is also received 1. Input the first, older code into the 2FA input 1. Observe that the application allows the use of the first code after the second was generated, meaning it was not invalidated **Proof of Concept (PoC)** -The screenshot(s) below demonstrates the old 2FA code not being invalidated: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/template.md b/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/template.md index 70ce6b95..09db5d11 100644 --- a/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/template.md +++ b/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/template.md @@ -6,12 +6,12 @@ This vulnerability can lead to reputational damage and indirect financial loss t **Steps to Reproduce** -1. Login to the application at: {{url}} -1. When the two factor authentication step of the login is reached, request a code +1. Log in to the application at: {{url}} +1. When the two factor authentication step of the login flow is reached, request a code 1. Perform {{action}} and observe that the 2FA implementation is weak **Proof of Concept (PoC)** -The screenshot(s) below demonstrates the weak implementation of 2FA: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} 
diff --git a/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/two_fa_code_is_not_updated_after_new_code_is_requested/template.md b/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/two_fa_code_is_not_updated_after_new_code_is_requested/template.md index 81c26468..0f6416ee 100644 --- a/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/two_fa_code_is_not_updated_after_new_code_is_requested/template.md +++ b/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/two_fa_code_is_not_updated_after_new_code_is_requested/template.md @@ -6,13 +6,13 @@ This vulnerability can lead to reputational damage and indirect financial loss t **Steps to Reproduce** -1. Login to the application at: {{url}} -1. When the 2FA step of the login is reached, request a code +1. Log in to the application at: {{url}} +1. When the 2FA step of the login flow is reached, request a code 1. When the first code is received, request a new code and verify that the second code is also received 1. Observe that the first and second code are identical, demonstrating that the 2FA code is not updated when a new code is requested **Proof of Concept (PoC)** -The screenshot(s) below demonstrates that the 2FA code is not updated when a new code is requested: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/two_fa_secret_cannot_be_rotated/template.md b/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/two_fa_secret_cannot_be_rotated/template.md index 9d2ec0a4..647d04d3 100644 --- a/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/two_fa_secret_cannot_be_rotated/template.md 
+++ b/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/two_fa_secret_cannot_be_rotated/template.md @@ -6,12 +6,12 @@ This vulnerability can lead to reputational damage and indirect financial loss t **Steps to Reproduce** -1. Login to the application at: {{url}} +1. Log in to the application at: {{url}} 1. Setup two factor authentication 1. After the 2FA secret is created, observe that there is no way in which the secret can be rotated **Proof of Concept (PoC)** -The screenshot(s) below demonstrates that the 2FA code can’t be rotated: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/two_fa_secret_remains_obtainable_after_two_fa_is_enabled/template.md b/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/two_fa_secret_remains_obtainable_after_two_fa_is_enabled/template.md index ace6a11a..a85fb67d 100644 --- a/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/two_fa_secret_remains_obtainable_after_two_fa_is_enabled/template.md +++ b/submissions/description/insufficient_security_configurability/weak_two_fa_implementation/two_fa_secret_remains_obtainable_after_two_fa_is_enabled/template.md @@ -6,12 +6,12 @@ This vulnerability can lead to reputational damage and indirect financial loss t **Steps to Reproduce** -1. Login to the application at: {{url}} +1. Log in to the application at: {{url}} 1. Setup two factor authentication 1. After initial setup, observe that the two factor authentication secret is still obtainable at: {{url}} **Proof of Concept (PoC)** -The screenshot(s) below demonstrates the full exploit: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} 
diff --git a/submissions/description/sensitive_data_exposure/mixed_content/template.md b/submissions/description/sensitive_data_exposure/mixed_content/template.md index b603ad57..7ce15fd3 100644 --- a/submissions/description/sensitive_data_exposure/mixed_content/template.md +++ b/submissions/description/sensitive_data_exposure/mixed_content/template.md @@ -6,13 +6,13 @@ This vulnerability can lead to data theft through the attacker’s ability to ma **Steps to Reproduce** -1. Login as a user and navigate to: {{URL}} +1. Log in as a user and navigate to: {{URL}} 1. Use Developer Tools, Network tab to see that sensitive content is being served over HTTP: {{screenshot}} **Proof of Concept (PoC)** -The following screenshot shows the sensitive data served over HTTP: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/sensitive_data_exposure/password_reset_token/template.md b/submissions/description/sensitive_data_exposure/password_reset_token/template.md index 3d22eb9f..7d9c3f7f 100644 --- a/submissions/description/sensitive_data_exposure/password_reset_token/template.md +++ b/submissions/description/sensitive_data_exposure/password_reset_token/template.md @@ -7,7 +7,7 @@ Token Leakage via `Referer` header can lead to indirect financial loss through a **Steps to Reproduce** 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Click on the link to the third-party website 1. Capture the request using the HTTP interception proxy 1. Observe the password token in the `Referer` header diff --git a/submissions/description/sensitive_data_exposure/sensitive_token_in_url/user_facing/template.md b/submissions/description/sensitive_data_exposure/sensitive_token_in_url/user_facing/template.md index 464df7b8..ef22e68a 100644 
--- a/submissions/description/sensitive_data_exposure/sensitive_token_in_url/user_facing/template.md +++ b/submissions/description/sensitive_data_exposure/sensitive_token_in_url/user_facing/template.md @@ -6,11 +6,11 @@ This vulnerability can lead to data theft through the attacker’s ability to ma **Steps to Reproduce** -1. Login as a user and navigate to: {{URL}} +1. Log in as a user and navigate to: {{URL}} 1. Observe the exposed token in the URL **Proof of Concept (PoC)** -The following screenshot shows the sensitive token in the URL: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/sensitive_data_exposure/token_leakage_via_referer/over_http/template.md b/submissions/description/sensitive_data_exposure/token_leakage_via_referer/over_http/template.md index e8855061..a2425bea 100644 --- a/submissions/description/sensitive_data_exposure/token_leakage_via_referer/over_http/template.md +++ b/submissions/description/sensitive_data_exposure/token_leakage_via_referer/over_http/template.md @@ -7,12 +7,12 @@ Token Leakage via `Referer` header can lead to indirect financial loss through a **Steps to Reproduce** 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Capture the request using the HTTP interception proxy 1. Observe the token in `Referer` header and that the connection is over HTTP **Proof of Concept (PoC)** -The following screenshot shows the token exposed within the `Referer` HTTP request header over a HTTP connection: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} 
diff --git a/submissions/description/sensitive_data_exposure/token_leakage_via_referer/password_reset_token/template.md b/submissions/description/sensitive_data_exposure/token_leakage_via_referer/password_reset_token/template.md index 3c16a970..f80b9d18 100644 --- a/submissions/description/sensitive_data_exposure/token_leakage_via_referer/password_reset_token/template.md +++ b/submissions/description/sensitive_data_exposure/token_leakage_via_referer/password_reset_token/template.md @@ -7,12 +7,12 @@ Token Leakage via `Referer` header can lead to indirect financial loss through a **Steps to Reproduce** 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Capture the request using the HTTP interception proxy 1. Observe the token in `Referer` header **Proof of Concept (PoC)** -The following screenshot shows the token exposed within the `Referer` HTTP request header: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/sensitive_data_exposure/token_leakage_via_referer/template.md b/submissions/description/sensitive_data_exposure/token_leakage_via_referer/template.md index 0c0c1f01..faf5822f 100644 --- a/submissions/description/sensitive_data_exposure/token_leakage_via_referer/template.md +++ b/submissions/description/sensitive_data_exposure/token_leakage_via_referer/template.md 
@@ -7,12 +7,12 @@ Token Leakage via `Referer` header can lead to indirect financial loss through a **Steps to Reproduce** 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Capture the request using the HTTP interception proxy 1. Observe the token in `Referer` header **Proof of Concept (PoC)** -The following screenshot shows the token exposed within the `Referer` HTTP request header: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/sensitive_data_exposure/token_leakage_via_referer/trusted_third_party/template.md b/submissions/description/sensitive_data_exposure/token_leakage_via_referer/trusted_third_party/template.md index 9fa0a4f3..64ae950f 100644 --- a/submissions/description/sensitive_data_exposure/token_leakage_via_referer/trusted_third_party/template.md +++ b/submissions/description/sensitive_data_exposure/token_leakage_via_referer/trusted_third_party/template.md @@ -7,16 +7,16 @@ Token Leakage via `Referer` header can lead to indirect financial loss through a **Steps to Reproduce** 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Click on the link to the third-party website 1. Capture the request using the HTTP interception proxy 1. Observe the token is in `Referer` header and that the connection is over HTTP **Proof of Concept (PoC)** -The following screenshot shows the token exposed within the `Referer` HTTP request header over a HTTP connection: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} Here is a list of the untrusted 3rd party hosts that receive the token: 
diff --git a/submissions/description/sensitive_data_exposure/token_leakage_via_referer/untrusted_third_party/template.md b/submissions/description/sensitive_data_exposure/token_leakage_via_referer/untrusted_third_party/template.md index 3fa5fd56..2040ef9a 100644 --- a/submissions/description/sensitive_data_exposure/token_leakage_via_referer/untrusted_third_party/template.md +++ b/submissions/description/sensitive_data_exposure/token_leakage_via_referer/untrusted_third_party/template.md @@ -7,13 +7,13 @@ Token Leakage via `Referer` header can lead to indirect financial loss through a **Steps to Reproduce** 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Click on the link to the third-party website 1. Capture the request using the HTTP interception proxy -1. Observe the token in `Referer` header and that theconnection is over HTTP +1. Observe the token in `Referer` header and that the connection is over HTTP **Proof of Concept (PoC)** -The following screenshot shows the token exposed within the `Referer` HTTP request header over a HTTP connection: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/sensitive_data_exposure/weak_password_reset_implementation/password_reset_token_sent_over_http/template.md b/submissions/description/sensitive_data_exposure/weak_password_reset_implementation/password_reset_token_sent_over_http/template.md index dfa52eb3..f9f8d356 100644 --- a/submissions/description/sensitive_data_exposure/weak_password_reset_implementation/password_reset_token_sent_over_http/template.md +++ b/submissions/description/sensitive_data_exposure/weak_password_reset_implementation/password_reset_token_sent_over_http/template.md 
@@ -9,13 +9,13 @@ Weak password reset implementation could lead to data theft from the attacker’ **Steps to Reproduce** 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to login to a valid account and navigate to: {{URL}} +1. Use a browser to log in to a valid account and navigate to: {{URL}} 1. Click on the reset link 1. Capture the request using the HTTP interception proxy 1. Observe that the password reset token is being sent over HTTP **Proof of Concept (PoC)** -The screenshot below displays the password reset token being sent over HTTP: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/sensitive_data_exposure/weak_password_reset_implementation/template.md b/submissions/description/sensitive_data_exposure/weak_password_reset_implementation/template.md index a6b6dfdb..0610c8be 100644 --- a/submissions/description/sensitive_data_exposure/weak_password_reset_implementation/template.md +++ b/submissions/description/sensitive_data_exposure/weak_password_reset_implementation/template.md @@ -7,13 +7,13 @@ Weak password reset implementation could lead to data theft from the attacker’ **Steps to Reproduce** 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to login to a valid account and navigate to: {{URL}} +1. Use a browser to log in to a valid account and navigate to: {{URL}} 1. Click on the reset link 1. Capture the request using the HTTP interception proxy 1. Observe the weakness in the password reset implementation **Proof of Concept (PoC)** -The following screenshot shows the weak password reset implementation: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} 
diff --git a/submissions/description/server_security_misconfiguration/exposed_admin_portal/template.md b/submissions/description/server_security_misconfiguration/exposed_admin_portal/template.md new file mode 100644 index 00000000..29bad5be --- /dev/null +++ b/submissions/description/server_security_misconfiguration/exposed_admin_portal/template.md @@ -0,0 +1,22 @@ +Administrative portals for an application allow Admins to log in and modify how the application runs and the content it serves. This can include adding, removing, updating, or creating new content, account provisioning, data manipulation, and other configuration changes. + +An attacker who is able to identify an exposed admin portal can then brute force credentials. If they successfully log in, they can access the administrative interface and carry out activities with Admin privileges. + +**Business Impact** + +Exposed admin portals can lead to indirect financial loss due to the attacker’s ability to modify, remove or create data within the admin portal. It can also cause reputational damage for the business due to a loss in confidence and trust by users. + +**Steps to Reproduce** + +1. Use a browser to navigate to the admin portal via the URL: {{URL}} +1. The following are the functionalities of the admin portal: + +{{value}} + +1. Execute {{action}} on the admin portal + +**Proof of Concept (PoC)** + +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/exposed_admin_portal/to_internet/template.md b/submissions/description/server_security_misconfiguration/exposed_admin_portal/to_internet/template.md new file mode 100644 index 00000000..29bad5be --- /dev/null +++ b/submissions/description/server_security_misconfiguration/exposed_admin_portal/to_internet/template.md 
@@ -0,0 +1,22 @@ +Administrative portals for an application allow Admins to log in and modify how the application runs and the content it serves. This can include adding, removing, updating, or creating new content, account provisioning, data manipulation, and other configuration changes. + +An attacker who is able to identify an exposed admin portal can then brute force credentials. If they successfully log in, they can access the administrative interface and carry out activities with Admin privileges. + +**Business Impact** + +Exposed admin portals can lead to indirect financial loss due to the attacker’s ability to modify, remove or create data within the admin portal. It can also cause reputational damage for the business due to a loss in confidence and trust by users. + +**Steps to Reproduce** + +1. Use a browser to navigate to the admin portal via the URL: {{URL}} +1. The following are the functionalities of the admin portal: + +{{value}} + +1. Execute {{action}} on the admin portal + +**Proof of Concept (PoC)** + +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/misconfigured_dns/template.md b/submissions/description/server_security_misconfiguration/misconfigured_dns/template.md index 5fa56388..9bd7a602 100644 --- a/submissions/description/server_security_misconfiguration/misconfigured_dns/template.md +++ b/submissions/description/server_security_misconfiguration/misconfigured_dns/template.md @@ -6,12 +6,12 @@ This vulnerability can lead to reputational damage and indirect financial loss t **Steps to Reproduce** -1. Login to the application at: {{url}} +1. Log in to the application at: {{url}} 1. Use {{software}} to gather information about the DNS **Proof of Concept (PoC)** -The screenshot(s) below demonstrates the misconfigured DNS: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} 
diff --git a/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/change_password/template.md b/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/change_password/template.md index 96fa0ee2..6590b142 100644 --- a/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/change_password/template.md +++ b/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/change_password/template.md @@ -15,8 +15,8 @@ No rate limiting on a password change form can result in reputational damage to 1. Perform another, manual password change form submission in the browser without the interception proxy enabled 1. Observe that the form is submitted successfully which shows that there is no silent lockout implemented -#### Proof of Concept +**Proof of Concept (PoC)** -The following screenshots demonstrate a lack of rate limiting on the password change form, followed by a successful form submission: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/email_triggering/template.md b/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/email_triggering/template.md index 2a98964f..a4598b7e 100644 --- a/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/email_triggering/template.md +++ b/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/email_triggering/template.md 
@@ -17,8 +17,8 @@ Additionally, for systems that use Software-as-a-Service (SaaS) email providers, 1. Perform another, manual email triggering form submission in the browser without the interception proxy enabled 1. Observe that the form is submitted and an email is triggered successfully. This shows that there is no silent lockout implemented -#### Proof of Concept +**Proof of Concept (PoC)** -The following screenshots demonstrate a lack of rate limiting on the email triggering form, followed by a successful form submission after 400 requests: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/login/template.md b/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/login/template.md index af2c3d4e..e0128ebe 100644 --- a/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/login/template.md +++ b/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/login/template.md @@ -12,11 +12,11 @@ No rate limiting on a login form can result in reputational damage to the organi 1. Submit the login form while using the HTTP intercept proxy to intercept the request 1. Using the HTTP intercept proxy, re-issue the captured request 400 times in rapid succession 1. Observe within the HTTP intercept proxy that all 400 of these requests generate successful login attempts, showing that there is no rate-limiting on the form -1. Login with valid account credentials +1. Log in with valid account credentials 1. Observe that a valid login is successful which shows that there is no silent lockout implemented -#### Proof of Concept +**Proof of Concept** -The following screenshots demonstrate a lack of rate limiting on the login form followed by a successful login: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} 
diff --git a/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/registration/template.md b/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/registration/template.md index 1e2368df..a46d7c9b 100644 --- a/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/registration/template.md +++ b/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/registration/template.md @@ -15,8 +15,8 @@ No rate limiting on a registration form can result in reputational damage to the 1. Perform another, manual account registration form submission in the browser without the interception proxy enabled 1. Observe that the form is submitted successfully. This shows that there is no silent lockout implemented -#### Proof of Concept +**Proof of Concept (PoC)** -The following screenshots demonstrate a lack of rate limiting on the registration form, followed by a successful form submission: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/sms_triggering/template.md b/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/sms_triggering/template.md index 0557dbe0..7f513e6f 100644 --- a/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/sms_triggering/template.md +++ b/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/sms_triggering/template.md 
@@ -17,8 +17,8 @@ Additionally, for systems that use Software-as-a-Service (SaaS) SMS providers, t 1. Perform another, manual SMS triggering form submission in the browser without the interception proxy enabled 1. Observe that the form is submitted and an SMS is triggered successfully. This shows that there is no silent lockout implemented -#### Proof of Concept +**Proof of Concept (PoC)** -The following screenshots demonstrate a lack of rate limiting on the SMS triggering form, followed by a successful form submission: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/template.md b/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/template.md index ecd6db5f..3ab2dcb9 100644 --- a/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/template.md +++ b/submissions/description/server_security_misconfiguration/no_rate_limiting_on_form/template.md @@ -14,8 +14,8 @@ No rate limiting on a form can result in reputational damage to the organization 1. Perform another, manual form submission in the browser 1. Observe that the form is submitted successfully which shows that there is no silent lockout implemented -#### Proof of Concept +**Proof of Concept** -The following screenshots demonstrate a lack of rate limiting on the login form followed by a successful form submission: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/oauth_misconfiguration/account_squatting/template.md b/submissions/description/server_security_misconfiguration/oauth_misconfiguration/account_squatting/template.md index d16ab171..45b408d5 100644 --- a/submissions/description/server_security_misconfiguration/oauth_misconfiguration/account_squatting/template.md 
+++ b/submissions/description/server_security_misconfiguration/oauth_misconfiguration/account_squatting/template.md @@ -10,11 +10,11 @@ Depending on the type of misconfiguration found in the OAuth implementation, exp 1. Enable a HTTP intercept proxy, such as Burp Suite or OWASP ZAP 1. Use a browser to navigate to: {{URL}} -1. With the HTTP intercept proxy turned on, login to the application and capture the response in the the HTTP intercept proxy +1. With the HTTP intercept proxy turned on, log in to the application and capture the response in the the HTTP intercept proxy 1. Observe the OAuth misconfiguration **Proof of Concept (PoC)** -The screenshot below demonstrates the OAuth misconfiguration: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/oauth_misconfiguration/account_takeover/template.md b/submissions/description/server_security_misconfiguration/oauth_misconfiguration/account_takeover/template.md index f22354dc..62b57399 100644 --- a/submissions/description/server_security_misconfiguration/oauth_misconfiguration/account_takeover/template.md +++ b/submissions/description/server_security_misconfiguration/oauth_misconfiguration/account_takeover/template.md @@ -13,6 +13,6 @@ Account takeover can lead to financial and loss through an attacker's access to **Proof of Concept (PoC)** -The screenshot below demonstrates the OAuth misconfiguration: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/oauth_misconfiguration/insecure_redirect_uri/template.md b/submissions/description/server_security_misconfiguration/oauth_misconfiguration/insecure_redirect_uri/template.md index 76473c9a..b085a3ba 100644 --- a/submissions/description/server_security_misconfiguration/oauth_misconfiguration/insecure_redirect_uri/template.md 
+++ b/submissions/description/server_security_misconfiguration/oauth_misconfiguration/insecure_redirect_uri/template.md @@ -10,7 +10,7 @@ Account takeover can lead to financial and loss through an attacker's access to 1. Enable a HTTP intercept proxy, such as Burp Suite or OWASP ZAP 1. Use a browser to navigate to: {{URL}} -1. With the HTTP intercept proxy turned on, login to the application and capture the response in the the HTTP intercept proxy +1. With the HTTP intercept proxy turned on, log in to the application and capture the response in the the HTTP intercept proxy 1. Change `redirect_uri` to the following value: {{parameter}} @@ -19,6 +19,6 @@ Account takeover can lead to financial and loss through an attacker's access to **Proof of Concept (PoC)** -The screenshot below demonstrates a successful account takeover: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/oauth_misconfiguration/missing_state_parameter/template.md b/submissions/description/server_security_misconfiguration/oauth_misconfiguration/missing_state_parameter/template.md index 73b274e4..6cf70fc9 100644 --- a/submissions/description/server_security_misconfiguration/oauth_misconfiguration/missing_state_parameter/template.md +++ b/submissions/description/server_security_misconfiguration/oauth_misconfiguration/missing_state_parameter/template.md @@ -9,7 +9,7 @@ Account takeover can lead to financial and loss through an attacker's access to **Steps to Reproduce** 1. Enable a HTTP intercept proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Capture the response with the HTTP intercept proxy turned on 1. Observe the insecure `state` parameter 1. Change `state` to the following value: 
@@ -26,6 +26,6 @@ Account takeover can lead to financial and loss through an attacker's access to **Proof of Concept (PoC)** -The screenshot below demonstrates a successful account takeover: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/oauth_misconfiguration/template.md b/submissions/description/server_security_misconfiguration/oauth_misconfiguration/template.md index 31bfe93d..e30ec9ef 100644 --- a/submissions/description/server_security_misconfiguration/oauth_misconfiguration/template.md +++ b/submissions/description/server_security_misconfiguration/oauth_misconfiguration/template.md @@ -8,11 +8,11 @@ Depending on the type of misconfiguration found in the OAuth implementation, exp 1. Enable a HTTP intercept proxy, such as Burp Suite or OWASP ZAP 1. Use a browser to navigate to: {{URL}} -1. With the HTTP intercept proxy turned on, login to the application and capture the response in the the HTTP intercept proxy +1. With the HTTP intercept proxy turned on, log in to the application and capture the response in the the HTTP intercept proxy 1. Observe the OAuth misconfiguration **Proof of Concept (PoC)** -The screenshot below demonstrates the OAuth misconfiguration: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/potentially_unsafe_http_method_enabled/options/template.md b/submissions/description/server_security_misconfiguration/potentially_unsafe_http_method_enabled/options/template.md index b38a5edf..b720d246 100644 --- a/submissions/description/server_security_misconfiguration/potentially_unsafe_http_method_enabled/options/template.md +++ b/submissions/description/server_security_misconfiguration/potentially_unsafe_http_method_enabled/options/template.md 
@@ -9,7 +9,7 @@ HTTP methods enabled can lead to reputational damage for the business through th **Steps to Reproduce** 1. Enable a HTTP intercept proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Within the HTTP intercept proxy insert the following request: {{screenshot}} @@ -19,6 +19,6 @@ HTTP methods enabled can lead to reputational damage for the business through th **Proof of Concept (PoC)** -The screenshot below demonstrates the HTTP method enabled: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/potentially_unsafe_http_method_enabled/template.md b/submissions/description/server_security_misconfiguration/potentially_unsafe_http_method_enabled/template.md index 800f7e85..99b5359d 100644 --- a/submissions/description/server_security_misconfiguration/potentially_unsafe_http_method_enabled/template.md +++ b/submissions/description/server_security_misconfiguration/potentially_unsafe_http_method_enabled/template.md @@ -7,7 +7,7 @@ HTTP methods enabled can lead to reputational damage for the business through th **Steps to Reproduce** 1. Enable a HTTP intercept proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Within the HTTP intercept proxy insert the following request: {{screenshot}} @@ -17,6 +17,6 @@ HTTP methods enabled can lead to reputational damage for the business through th **Proof of Concept (PoC)** -The screenshot below demonstrates the HTTP method enabled: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} 
diff --git a/submissions/description/server_security_misconfiguration/potentially_unsafe_http_method_enabled/trace/template.md b/submissions/description/server_security_misconfiguration/potentially_unsafe_http_method_enabled/trace/template.md index 2bc83bdb..e4b030f0 100644 --- a/submissions/description/server_security_misconfiguration/potentially_unsafe_http_method_enabled/trace/template.md +++ b/submissions/description/server_security_misconfiguration/potentially_unsafe_http_method_enabled/trace/template.md @@ -9,7 +9,7 @@ HTTP methods enabled can lead to reputational damage for the business through th **Steps to Reproduce** 1. Enable a HTTP intercept proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Within the HTTP intercept proxy insert the following request: {{screenshot}} @@ -19,6 +19,6 @@ HTTP methods enabled can lead to reputational damage for the business through th **Proof of Concept (PoC)** -The screenshot below demonstrates the HTTP method enabled: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/external_dns_query_only/template.md b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/external_dns_query_only/template.md index 0dfd8337..1fc57fd9 100644 --- a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/external_dns_query_only/template.md +++ b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/external_dns_query_only/template.md 
@@ -7,7 +7,7 @@ External DNS-only SSRF can result in the application and internal network being **Steps to Reproduce** 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Forward the following payload to the endpoint: ```HTTP @@ -18,6 +18,6 @@ External DNS-only SSRF can result in the application and internal network being **Proof of Concept (PoC)** -The following screenshot(s) demonstrate(s) this vulnerability: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/external_low_impact/template.md b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/external_low_impact/template.md index 6470f799..1368eecb 100644 --- a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/external_low_impact/template.md +++ b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/external_low_impact/template.md @@ -7,7 +7,7 @@ External SSRF can lead to data theft and through an attacker accessing, deleting **Steps to Reproduce** 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Forward the following payload to the endpoint: ```HTTP @@ -18,6 +18,6 @@ External SSRF can lead to data theft and through an attacker accessing, deleting **Proof of Concept (PoC)** -The following screenshot(s) demonstrate(s) this vulnerability: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} 
diff --git a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/internal_high_impact/template.md b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/internal_high_impact/template.md index 92c5b914..4f7edab5 100644 --- a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/internal_high_impact/template.md +++ b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/internal_high_impact/template.md @@ -7,7 +7,7 @@ SSRF can lead to data theft and through an attacker accessing, deleting, or modi **Steps to Reproduce** 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Forward the following payload to the endpoint: ```HTTP @@ -18,6 +18,6 @@ SSRF can lead to data theft and through an attacker accessing, deleting, or modi **Proof of Concept (PoC)** -The following screenshot(s) demonstrate(s) this vulnerability: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/internal_scan_and_or_medium_impact/template.md b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/internal_scan_and_or_medium_impact/template.md index 20b5c79c..0fae50e4 100644 --- a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/internal_scan_and_or_medium_impact/template.md +++ b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/internal_scan_and_or_medium_impact/template.md 
@@ -7,7 +7,7 @@ SSRF can lead to data theft and through an attacker accessing, deleting, or modi **Steps to Reproduce** 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Forward the following payload to the endpoint: ```HTTP @@ -24,6 +24,6 @@ SSRF can lead to data theft and through an attacker accessing, deleting, or modi **Proof of Concept (PoC)** -The following screenshot(s) demonstrate(s) this vulnerability: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/template.md b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/template.md index b7508994..acc911f9 100644 --- a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/template.md +++ b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/template.md @@ -9,7 +9,7 @@ SSRF can lead to data theft and through an attacker accessing, deleting, or modi **Steps to Reproduce** 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to login and navigate to: {{URL}} +1. Use a browser to log in and navigate to: {{URL}} 1. Forward the following payload to the endpoint: ```HTTP @@ -20,6 +20,6 @@ SSRF can lead to data theft and through an attacker accessing, deleting, or modi **Proof of Concept (PoC)** -The following screenshot(s) demonstrate(s) this vulnerability: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/using_default_credentials/template.md b/submissions/description/server_security_misconfiguration/using_default_credentials/template.md index 75ad23a8..8f9d217d 100644 
--- a/submissions/description/server_security_misconfiguration/using_default_credentials/template.md +++ b/submissions/description/server_security_misconfiguration/using_default_credentials/template.md @@ -1,4 +1,4 @@ -Default credentials are credentials that are set as default by the manufacturer or supplier of hardware and software products. These credentials often have Administrator privileges. An attacker can take advantage of default credentials and login to administrative accounts using wordlists of usernames and passwords found online, which may give them the authority to change the state of the application or users’ accounts. +Default credentials are credentials that are set as default by the manufacturer or supplier of hardware and software products. These credentials often have Administrator privileges. An attacker can take advantage of default credentials and log in to administrative accounts using wordlists of usernames and passwords found online, which may give them the authority to change the state of the application or users’ accounts. **Business Impact** @@ -12,6 +12,6 @@ Default credentials can result in reputational damage and indirect financial los **Proof of Concept (PoC)** -The screenshot(s) below demonstrates the default credentials: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/using_components_with_known_vulnerabilities/captcha_bypass/ocr_optical_character_recognition/template.md b/submissions/description/using_components_with_known_vulnerabilities/captcha_bypass/ocr_optical_character_recognition/template.md index 66ef8df2..885c0126 100644 --- a/submissions/description/using_components_with_known_vulnerabilities/captcha_bypass/ocr_optical_character_recognition/template.md +++ b/submissions/description/using_components_with_known_vulnerabilities/captcha_bypass/ocr_optical_character_recognition/template.md 
@@ -1,6 +1,6 @@ -A Computer Automated Public Turing Test test to tell Computers and Humans Apart (CAPTCHA) allows applications to tell whether a user is a human or a robot. A common bypass is using Optical Character Recognition (OCR) where software can filter out the noise form CAPTCHA forms and easily classify the form with high accuracy. +A Computer Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA) allows applications to tell whether a user is a human or a robot. A common bypass is using Optical Character Recognition (OCR) where software can filter out the noise from CAPTCHA forms and easily classify the form with high accuracy. -An attacker can leverage software that uses OCR to bypass CAPTCHA forms and spam the website with queries for registration, login, and spam support teams with faulty requests. +An attacker can leverage software that uses OCR to bypass CAPTCHA forms and spam the website with queries for registration, log in, and spam support teams with faulty requests. **Business Impact** @@ -13,6 +13,6 @@ CAPTCHA bypass can lead to reputational damage for the business due to a loss in **Proof of Concept (PoC)** -The screenshot(s) below demonstrates the CAPTCHA bypass: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/using_components_with_known_vulnerabilities/captcha_bypass/template.md b/submissions/description/using_components_with_known_vulnerabilities/captcha_bypass/template.md index a44380eb..7233809d 100644 --- a/submissions/description/using_components_with_known_vulnerabilities/captcha_bypass/template.md +++ b/submissions/description/using_components_with_known_vulnerabilities/captcha_bypass/template.md 
@@ -1,6 +1,6 @@ -A Computer Automated Public Turing Test test to tell Computers and Humans Apart (CAPTCHA) allows applications to tell whether a user is a human or a robot. A CAPTCHA can be bypassed when the implementation or its workflow is improperly configured, or when software can be used to bypass the challenge. +A Computer Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA) allows applications to tell whether a user is a human or a robot. A CAPTCHA can be bypassed when the implementation or its workflow is improperly configured, or when software can be used to bypass the challenge. -An attacker can bypass the CAPTCHA form and spam the website with queries for registration, login, as well as spam support teams with faulty requests. +An attacker can bypass the CAPTCHA form and spam the website with queries for registration, log in, as well as spam support teams with faulty requests. **Business Impact** @@ -13,6 +13,6 @@ CAPTCHA bypass can lead to reputational damage for the business due to a loss in **Proof of Concept (PoC)** -The screenshot(s) below demonstrates the CAPTCHA bypass: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/using_components_with_known_vulnerabilities/template.md b/submissions/description/using_components_with_known_vulnerabilities/template.md index ca184920..dcb6a0fc 100644 --- a/submissions/description/using_components_with_known_vulnerabilities/template.md +++ b/submissions/description/using_components_with_known_vulnerabilities/template.md @@ -17,6 +17,6 @@ Outdated Software Version can lead to reputational damage for the business due t **Proof of Concept (PoC)** -The screenshot(s) below demonstrates the outdated software with known vulnerabilities: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}}
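Review bot: the PoC sentence in the first hunk on this page (password reset token over HTTP) replaces a specific statement, `The screenshot below displays the password reset token being sent over HTTP:`, with the generic `The screenshot(s) below demonstrate(s) the vulnerability:`, which drops the one line that told a triager what to look for in the screenshot; the same substitution is applied in every PoC hunk of this patch (the `email_triggering` hunk, for instance, loses `after 400 requests`, the figure the steps above it rely on). Consider keeping the vulnerability-specific wording and only normalising the `(s)` plural form. Separately, the new blockquote is emitted as an empty `>` line followed by `> {{screenshot}}`; the leading empty quote line renders as a blank quoted paragraph and can be dropped.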
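Review bot: the two new files `exposed_admin_portal/template.md` and `exposed_admin_portal/to_internet/template.md` are byte-identical (both show the new blob `29bad5be`), so any later wording fix has to be made twice; if the `to_internet` variant is meant to be a distinct sub-category, its opening paragraph should say what distinguishes it (exposure to the public internet rather than an internal network). In both files the ordered list under **Steps to Reproduce** is broken by the unindented `{{value}}` paragraph between the second and third items, so Markdown renders `1. Execute {{action}} on the admin portal` as a new list starting at 1; indent `{{value}}` under the second item (or move it out of the list) to keep a single numbered sequence.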
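Review bot: `no_rate_limiting_on_form/login/template.md` and `no_rate_limiting_on_form/template.md` change `#### Proof of Concept` to `**Proof of Concept**`, while every other hunk in this patch uses `**Proof of Concept (PoC)**` (including the sibling `change_password`, `registration`, `email_triggering` and `sms_triggering` templates); use the `(PoC)` form in these two files as well so the section label is uniform across the templates.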
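Review bot: in the three OAuth hunks (`oauth_misconfiguration/template.md`, `account_squatting/template.md` and `insecure_redirect_uri/template.md`) the rewritten step still reads `capture the response in the the HTTP intercept proxy`; since the line is already being touched for `login` -> `log in`, drop the duplicated `the` in the same change.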
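Review bot: the `login` -> `log in` substitution is wrong in both CAPTCHA templates: in `spam the website with queries for registration, login, and spam support teams` the word is a noun naming a kind of request, parallel to `registration`, so `queries for registration, log in, ...` is ungrammatical; keep `login` here and apply the mechanical replacement only where the word is a verb. The same hunks fix `Test test` but leave `Computer Automated Public Turing Test`; the acronym expands to `Completely Automated Public Turing test to tell Computers and Humans Apart`, which is worth correcting while the sentence is open.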