Name * Phone number Email * Profile page
Hackerone / Twitter / Bugcrowd / Intigriti ... This information is used to credit you, and may also be used to invite you to VSEC's private bug bounty programs.
Vulnerability type
Select the incident type (choose only one):
Authentication Bypass Using an Alternate Path or Channel (CWE-288)
Unprotected Transport of Credentials (CWE-523)
Use of Hard-coded Cryptographic Key (CWE-321)
Key Exchange without Entity Authentication (CWE-322)
Buffer Under-read (CWE-127)
Code Injection (CWE-94)
UI Redressing (Clickjacking) (CAPEC-103)
Use of Hard-coded Password (CWE-259)
Unchecked Error Condition (CWE-391)
Embedded Malicious Code (CWE-506)
Man-in-the-Middle (CWE-300)
Path Traversal: '.../...//' (CWE-35)
Improper Handling of URL Encoding (Hex Encoding) (CWE-177)
Phishing (CAPEC-98)
Buffer Underflow (CWE-124)
Use of Inherently Dangerous Function (CWE-242)
Incorrect Calculation of Buffer Size (CWE-131)
Integer Underflow (CWE-191)
Use After Free (CWE-416)
XML Entity Expansion (CWE-776)
Missing Required Cryptographic Step (CWE-325)
HTTP Request Smuggling (CWE-444)
Memory Corruption - Generic (CWE-119)
Replicating Malicious Code (Virus or Worm) (CWE-509)
Classic Buffer Overflow (CWE-120)
Download of Code Without Integrity Check (CWE-494)
Reliance on Reverse DNS Resolution for a Security-Critical Action (CWE-350)
CRLF Injection (CWE-93)
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)
Cross-site Scripting (XSS) - Generic (CWE-79)
Remote File Inclusion (CWE-98)
Violation of Secure Design Principles (CWE-657)
XML External Entities (XXE) (CWE-611)
Reversible One-Way Hash (CWE-328)
Incorrect Permission Assignment for Critical Resource (CWE-732)
Malware (CAPEC-549)
Privacy Violation (CWE-359)
Insecure Direct Object Reference (IDOR) (CWE-639)
Exposed Dangerous Method or Function (CWE-749)
Heap Overflow (CWE-122)
Stack Overflow (CWE-121)
Weak Cryptography for Passwords (CWE-261)
Wrap-around Error (CWE-128)
Password in Configuration File (CWE-260)
Unverified Password Change (CWE-620)
Cryptographic Issues - Generic (CWE-310)
File and Directory Information Exposure (CWE-538)
Insecure Storage of Sensitive Information (CWE-922)
LDAP Injection (CWE-90)
Information Exposure Through an Error Message (CWE-209)
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)
Improper Input Validation (CWE-20)
Improper Handling of Insufficient Permissions or Privileges (CWE-280)
Cross-site Scripting (XSS) - Stored (CWE-79)
Use of Insufficiently Random Values (CWE-330)
Cross-Site Request Forgery (CSRF) (CWE-352)
Storing Passwords in a Recoverable Format (CWE-257)
Externally Controlled Reference to a Resource in Another Sphere (CWE-610)
Reliance on Untrusted Inputs in a Security Decision (CWE-807)
Use of Hard-coded Credentials (CWE-798)
Allocation of Resources Without Limits or Throttling (CWE-770)
Improper Privilege Management (CWE-269)
Incomplete Blacklist (CWE-184)
Session Fixation (CWE-384)
Cross-site Scripting (XSS) - Reflected (CWE-79)
Use of a Key Past its Expiration Date (CWE-324)
Leftover Debug Code (Backdoor) (CWE-489)
External Control of Critical State Data (CWE-642)
Cleartext Transmission of Sensitive Information (CWE-319)
Business Logic Errors (CWE-840)
Out-of-bounds Read (CWE-125)
Type Confusion (CWE-843)
Use of Externally-Controlled Format String (CWE-134)
Incorrect Comparison (CWE-697)
Information Exposure Through Discrepancy (CWE-203)
Inclusion of Functionality from Untrusted Control Sphere (CWE-829)
Information Exposure Through Directory Listing (CWE-548)
Missing Authorization (CWE-862)
XSS Using MIME Type Mismatch (CAPEC-209)
Privilege Escalation (CAPEC-233)
Improper Neutralization of HTTP Headers for Scripting Syntax (CWE-644)
Improper Following of a Certificate's Chain of Trust (CWE-296)
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
Plaintext Storage of a Password (CWE-256)
Relative Path Traversal (CWE-23)
SQL Injection (CWE-89)
Resource Injection (CWE-99)
Improper Certificate Validation (CWE-295)
Improper Null Termination (CWE-170)
Improper Check or Handling of Exceptional Conditions (CWE-703)
Command Injection - Generic (CWE-77)
Weak Password Recovery Mechanism for Forgotten Password (CWE-640)
Inadequate Encryption Strength (CWE-326)
Deserialization of Untrusted Data (CWE-502)
Open Redirect (CWE-601)
Forced Browsing (CWE-425)
XML Injection (CWE-91)
HTTP Response Splitting (CWE-113)
Insufficient Session Expiration (CWE-613)
Uncontrolled Recursion (CWE-674)
Buffer Over-read (CWE-126)
Insecure Temporary File (CWE-377)
Off-by-one Error (CWE-193)
Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
Incorrect Authorization (CWE-863)
Reliance on Cookies without Validation and Integrity Checking in a Security Decision (CWE-784)
Information Disclosure (CWE-200)
Server-Side Request Forgery (SSRF) (CWE-918)
Misconfiguration (CWE-16)
Integer Overflow (CWE-190)
Information Exposure Through Debug Information (CWE-215)
Cleartext Storage of Sensitive Information (CWE-312)
User Interface (UI) Misrepresentation of Critical Information (CWE-451)
Execution with Unnecessary Privileges (CWE-250)
Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150)
Missing Encryption of Sensitive Data (CWE-311)
Write-what-where Condition (CWE-123)
Modification of Assumed-Immutable Data (MAID) (CWE-471)
Path Traversal (CWE-22)
Improper Export of Android Application Components (CWE-926)
Unrestricted Upload of File with Dangerous Type (CWE-434)
Untrusted Search Path (CWE-426)
Array Index Underflow (CWE-129)
Information Exposure Through Timing Discrepancy (CWE-208)
Cross-site Scripting (XSS) - DOM (CWE-79)
Improper Handling of Highly Compressed Data (Data Amplification) (CWE-409)
Insufficiently Protected Credentials (CWE-522)
NULL Pointer Dereference (CWE-476)
Information Exposure Through Sent Data (CWE-201)
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
Brute Force (CWE-307)
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)
Improper Authentication - Generic (CWE-287)
Reusing a Nonce, Key Pair in Encryption (CWE-323)
Improper Access Control - Generic (CWE-284)
Missing Authentication for Critical Function (CWE-306)
Using Components with Known Vulnerabilities (CWE-1035)
Trust of System Event Data (CWE-360)
Client-Side Enforcement of Server-Side Security (CWE-602)
Double Free (CWE-415)
Improper Authorization (CWE-285)
Security Through Obscurity (CWE-656)
Denial of Service (CWE-400)
OS Command Injection (CWE-78)
Other
Severity
Select a level: Informational, Low, Medium, High, Critical
The proof of concept is the most important part of your vulnerability report. A clear, well-structured write-up helps us confirm the issue as quickly as possible.
Title *
Short and clear, including the vulnerability type and the affected asset. Example: Stored XSS on xxx.com/abc could lead to user account takeover
Description *
Steps to discover the vulnerability: details of how we can reproduce the issue. Steps to reproduce the vulnerability: details of how to reproduce it so that VSEC can confirm this report. 1. Step 1 2. Step 2
Information
Attachments / Evidence: You can upload images and evidence to an online storage service such as Google Drive, OneDrive, Dropbox, file.io, ... and then share the link with us here.