🏁My Synack Report Methodology

Synack Quality Report ---> Important Rules

  • Always look at ---> the Low Impact category vulnerabilities

  • Always look at ---> the Out of Scope category vulnerabilities

  • Always look at ---> whether the HTTP request URL and the Vulnerability Location URL match; importantly, both need to be the location where the vulnerability is actually present.

  • Always look at ---> the PoC steps: they should also be broken out into their own multiple steps using the Add Step button, with each step including screenshots. Even if the first step only includes a login attempt, add a screenshot, then go to the second step.

  • Always look at ---> 1) First go to the Standards for Vulnerability Acceptance page, select your vulnerability, and read the full Vulnerability Acceptance Details. Then click Report Template, see the General Report Requirements, and copy and paste the Title, Description, Impact, and Recommended Fix sections into your own report.

Synack Report Templates Link

-------------------------------------------------------------

Vulnerabilities that will be marked as Valid if not already reported:

Same path + Same endpoint + Different parameter

Payment: 100% reward

Same path + Different endpoint + Different parameter

Payment: 100% reward

Different path + Different endpoint + Same parameter

VulnOps will pay in full for 3 reports

Different path + Same endpoint + Different parameter

Payment: 100% reward

-------------------------------------------------------------

Steps to Reproduce:

  1. Open the web browser and turn on the Burp proxy.

  2. Visit the https://www.lansweeper.com/blog/? page of the blog, and use Burp Suite to intercept and modify the request.

  3. Alternatively, the https://www.lansweeper.com/blog/? request will be captured in Burp history > send it to Repeater.

  4. Go to the Repeater tab > modify the URL:> POST /blog/? HTTP/2 > change it to: POST /blog/?,(select * from (select(sleep(10)))a) HTTP/2

  5. Submit the request and observe that the application takes 10 seconds to respond.

Steps to Reproduce:

  1. Open the web browser and turn on the Burp proxy.

  2. First visit the target in-scope URL: https://stmt-intl-preprod.dominos.com/stmt/

  3. The URL redirects to the login page; use these login credentials: Username: Test_synacke Password: Sunfish.23

  4. Then, after login, visit https://stmt-intl-preprod.dominos.com/stmt/.env and get a 403 response.

  5. Then use Burp Suite to intercept the request and send it to Burp Repeater to modify the request.

  6. Alternatively, the https://stmt-intl-preprod.dominos.com/stmt/.env request will be captured in Burp history > send it to Repeater.

  7. Go to the Repeater tab > modify the URL:> GET /stmt/.env HTTP/1.1 > change it to:> GET /stmt/;.env HTTP/1.1

  8. Then send the request and observe that the response is now 200: user authentication is bypassed and the sensitive .env file is disclosed.
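As an added example that is not part of these notes: a small Python access-log scan that flags, from the defender's side, the two request shapes the preceding two procedures rely on (a ";" path parameter hiding a dotfile name, and a DBMS delay function in the query string). The log lines are constructed for the example, not real traffic, and the label names are my own.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (not real traffic), shaped like the
# ";.env" path-parameter request and the sleep() query from the PoCs above.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /stmt/.env HTTP/1.1" 403 162
10.0.0.5 - - [01/Jan/2024:10:00:07 +0000] "GET /stmt/;.env HTTP/1.1" 200 911
10.0.0.9 - - [01/Jan/2024:10:01:00 +0000] "POST /blog/?,(select%20*%20from%20(select(sleep(10)))a) HTTP/2" 200 5120
10.0.0.7 - - [01/Jan/2024:10:02:00 +0000] "GET /blog/?page=2 HTTP/2" 200 5120
"""

# Method, request target and status code out of a common-log-format line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Delay functions used by time-based SQL injection across common DBMSs.
SLEEP_RE = re.compile(r'\b(sleep|benchmark|pg_sleep|waitfor\s+delay)\s*\(', re.I)


def classify_request(target: str) -> list[str]:
    """Return finding labels for one request target (path plus query)."""
    findings = []
    parts = urlsplit(unquote(target))  # decode %xx before inspecting
    for segment in parts.path.split('/'):
        # Servlet-style path parameters look like "name;param". A dotfile
        # name placed after the ';' can slip past a deny rule written
        # against the literal "/.env" while the backend still resolves it.
        if ';' in segment and segment.split(';', 1)[1].startswith('.'):
            findings.append('path-parameter-dotfile')
            break
    # A DBMS delay call anywhere in the path or query string.
    if SLEEP_RE.search(parts.path) or SLEEP_RE.search(parts.query):
        findings.append('time-based-sqli')
    return findings


def scan_log(text: str) -> list[dict]:
    """Scan access-log text; return one record per suspicious request.

    The status code is kept so a 200 on a flagged request (the bypass
    actually served content) stands out from a blocked 403.
    """
    alerts = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        labels = classify_request(m['target'])
        if labels:
            alerts.append({'target': m['target'], 'status': int(m['status']), 'labels': labels})
    return alerts


if __name__ == '__main__':
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```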

Steps to Reproduce:

  1. First visit the target in-scope URL: https://synackstg3.staging3.cirrotester.com/

  2. The URL redirects to the login page; use these login credentials: Email: coralbug26+admin@srt.io & Password: 7FyJA9Q*N@N2

  3. Then, after login to the dashboard, visit the Settings page URL: https://synackstg3.staging3.cirrotester.com/settings/cloud_apps_and_scan

  4. Look at the cloud apps already created inside ( Cloud Apps and Scan Settings ).

  5. Click on any cloud app name; this redirects to the Cloud App Detail page.

  6. Look at the already created Cloud App Name inside ( Cloud App Detail ).

  7. Edit this name.

  8. Replace this Cloud App Name with your own Improper Input Validation payload, like: ">

  9. Then click on the green tick.

  10. See and observe that the input provided was accepted.
