```json
{
  "bounty_code": "acmedynamite",
  "bug_url": "http://acmetntproducts.com",
  "caption": "Use the redundant IB application then you can quantify the mobile panel!",
  "custom_fields": { "field1": "my value" },
  "description_markdown": "When I click the thing it opens a thing which lets me type in a thing. Just enables the other thing which I can enter my payload in and make it go BOOOOOM!",
  "extra_info_markdown": "### Here is some extra info about this submission",
  "file_attachments_count": 2,
  "http_request": "GET / HTTP/1.1\\nHost: bugcrowd.com\\nProxy-Connection: keep-alive\\nAccept: text/htmlapplication/xhtml+xmlapplication/xml;q=0.9image/webp*/*;q=0.8\\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10...",
  "priority": "2",
  "remediation_advice_markdown": "1. If possible consider disabling external access.\n2. Never use default credentials as it is trivial for an attacker to gain access by providing known or easy to guess credentials.\n3. Always change any kind of default credentials as the first step of setting up any kind of environment.\n4. Passwords should meet or exceed proper password strength requirements.",
  "reference_number": "9cec0d6e6b1c778f34ba4eade6cd2a3e",
  "submitted_at": "2016-08-20T18:07:32.181Z",
  "source": "platform",
  "substate": "unresolved",
  "real_substate": "unresolved",
  "title": "Use the redundant IB application then you can quantify the mobile panel!",
  "vrt_id": "server_security_misconfiguration.using_default_credentials.staging_development_server",
  "vrt_version": "1.0",
  "vulnerability_references_markdown": "* https://www.owasp.org/index.php/Testing_for_default_credentials_(OTG-AUTHN-002) \n * https://www.owasp.org/index.php/Configuration#Default_passwords \n * https://www.owasp.org/index.php/Authentication_Cheat_Sheet",
  "uuid": "4cdf9c81-d92e-4918-8766-1eda55e7293c",
  "bounty": {
    "uuid": "d76c9eeb-25bb-4a08-9cd2-51677fd35bcd",
    "bounty_type": "ongoing",
    "code": "acmedynamite",
    "custom_field_labels": [
      {
        "field_id": "09cfece3-f986-4c94-8cfc-03578d14e7ae",
        "field_name": "field1"
      }
    ],
    "description_markdown": "A bounty testing the safety and security of dynamite-related devices produced by The Acme Corporation",
    "ends_at": null,
    "high_reward": 20000,
    "low_reward": 100,
    "name": "Acme Dynamite",
    "participation": "open",
    "points_only": true,
    "starts_at": "2016-12-01T00:00:00.000Z",
    "targets_overview_markdown": "",
    "tagline": "Have a blast hacking on Acme products!",
    "total_prize_pool": 100000,
    "remaining_prize_pool": 50000,
    "trial": false,
    "status": "live",
    "service_level": "validation"
  },
  "duplicate_of": null,
  "duplicate": false,
  "assignee": {
    "display_name": "Bertram Gilfoyle"
  },
  "user": {
    "username": "researcher123"
  },
  "monetary_rewards": [
    {
      "amount": "100.00"
    }
  ],
  "target": {
    "name": "http://acmetntproducts.com",
    "business_priority": "high"
  }
}
```

| Attribute | Type or Potential Values | Notes |
|---|---|---|
| bounty_code | String | Bounty's code |
| bug_url | String | |
| caption | String | |
| custom_fields | Array of Custom Fields | |
| | CVSS Object | This is only shown if the Bounty has enabled CVSS. |
| description_markdown | Text | Bugcrowd supports GitHub Flavored Markdown. |
| extra_info_markdown | Text | Bugcrowd supports GitHub Flavored Markdown. |
| file_attachments_count | Integer | Number of attachments on the submission. |
| http_request | Text | |
| | Boolean | |
| priority | Integer ( | Technical Severity |
| remediation_advice_markdown | Text | This field is only available to programs with Alpha access of Remediation Advice. Bugcrowd supports GitHub Flavored Markdown. |
| reference_number | String | Unique Identifier that is visible to researchers |
| submitted_at | DateTime | |
| source | | How the submission was created |
| substate | | |
| real_substate | String | |
| title | String | |
| vrt_id | String (VRT IDs joined by `.`) | Vulnerability Rating Taxonomy Classification ID |
| vrt_version | Integer | VRT Version |
| vulnerability_references_markdown | Text | This field is only available to programs with Alpha access of Remediation Advice. Bugcrowd supports GitHub Flavored Markdown. |
| uuid | UUID | |
| bounty | Bounty | |
| duplicate_of | Submission | |
| duplicate | Boolean | Whether the submission is a duplicate of another finding |
| assignee | Tracker User | |
| user | User | |
| monetary_rewards | Array of Monetary Rewards | |
| target | Target | |