Submitting Proof of Concept (PoC)
Last updated July 24, 2024
A strong Proof of Concept (PoC) is crucial for successful vulnerability reporting on HackerOne. It provides clear and convincing evidence of the security flaw you've identified, making it easier for program teams to understand the issue, validate its impact, and prioritize its resolution. This guide outlines the best practices for crafting effective PoCs that strengthen your reports and increase your chances of recognition.
Crafting a Clear and Convincing PoC:
- Understand What Makes a Good PoC: A good PoC is clear, concise, and demonstrates the vulnerability in a practical way. It should be reproducible and include all necessary steps to trigger the vulnerability.
- Tailor Your Approach: The specific format and details of your PoC will depend on the nature of the vulnerability you're reporting. Consider the following types of PoCs:
  - Code Snippets: Provide working code examples that demonstrate the vulnerability. Include comments to explain the code and clarify its functionality.
  - Screenshots and Videos: Capture screenshots or record videos to visually illustrate the vulnerability. This is particularly helpful for UI-related issues or exploits that have visual manifestations.
  - Technical Details and Exploits: Provide detailed technical explanations of the vulnerability and its exploitation. This might include network captures, log entries, or in-depth technical analysis.
- Prioritize Clarity and Simplicity: Focus on providing a concise and clear explanation of the vulnerability. Avoid unnecessary technical jargon or overly complex descriptions.
- Consider Program-Specific Requirements: Some programs might have specific requirements for PoC format or content. Review the program guidelines to ensure you meet those expectations.
- Don't Reveal Sensitive Information: Avoid sharing sensitive data or details that could compromise the security of the program or target system. Focus on demonstrating the vulnerability without revealing unnecessary information.
- Securely Share Your PoC: Use the secure file sharing options provided by HackerOne for uploading your PoC. Avoid sharing it through public platforms or insecure channels.
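The points above about attaching network captures and log entries while not revealing sensitive information go together in practice: a raw HTTP capture usually contains live session cookies, bearer tokens, API keys and personal data that have no place in a report. The following is an added example, not HackerOne's own tooling or anything from this article, of a small redaction pass a reporter can run over a captured exchange before pasting it into a PoC. The sample capture, the header names it matches and the `[REDACTED]` markers are constructed for illustration; the rule list is a starting point to extend for the target's own header and token formats.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: an HTTP exchange as it might be pasted into a PoC.
# Every secret-looking value in it is made up.
SAMPLE_CAPTURE = """GET /api/v1/me HTTP/1.1
Host: app.example.com
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0In0.abc123def456
Cookie: session=9f8e7d6c5b4a3f2e1d0c; theme=dark
X-Api-Key: sk_live_0123456789abcdef

HTTP/1.1 200 OK
Content-Type: application/json

{"id": 1234, "email": "alice@example.com", "ssn": "123-45-6789"}
"""

# Rules are applied in order. For header rules, group 1 is the header label that
# is kept so the reader still sees *which* header mattered; the value is masked.
REDACTION_RULES = [
    ("authorization header",
     re.compile(r"^(Authorization:\s*)(.+)$", re.I | re.M),
     r"\1[REDACTED]"),
    # Mask each cookie value individually but keep the cookie names visible.
    ("cookie values",
     re.compile(r"^(Cookie:\s*)(.+)$", re.I | re.M),
     lambda m: m.group(1) + re.sub(r"([^=;\s]+=)[^;]*", r"\1[REDACTED]", m.group(2))),
    # Any header whose name mentions an API key, token or secret (hypothetical names).
    ("api-key/token/secret headers",
     re.compile(r"^([\w-]*(?:api-?key|token|secret)[\w-]*:\s*)(.+)$", re.I | re.M),
     r"\1[REDACTED]"),
    ("email addresses",
     re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
     "[REDACTED-EMAIL]"),
    ("US SSN-like numbers",
     re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
     "[REDACTED-ID]"),
]

# Long opaque strings (JWT segments, API keys, hashes) that no rule caught.
LONG_TOKEN = re.compile(r"\b[A-Za-z0-9_\-.]{24,}\b")


def redact_capture(text: str) -> Tuple[str, Dict[str, int]]:
    """Apply every rule; return the masked text and how many hits each rule had."""
    counts: Dict[str, int] = {}
    for name, pattern, repl in REDACTION_RULES:
        text, hits = pattern.subn(repl, text)
        if hits:
            counts[name] = hits
    return text, counts


def leftover_candidates(text: str) -> List[str]:
    """Long opaque strings that survived redaction; review these by hand before submitting."""
    return [m.group(0) for m in LONG_TOKEN.finditer(text)
            if "REDACTED" not in m.group(0)]


if __name__ == "__main__":
    cleaned, summary = redact_capture(SAMPLE_CAPTURE)
    print(cleaned)
    print("redactions:", summary)
    print("review by hand:", leftover_candidates(cleaned))
```

The second pass (`leftover_candidates`) is deliberate: regex rules only catch the formats you thought of, so the script lists any remaining long token-like strings for a manual check rather than claiming the output is clean. Keep the header names and the shape of the request intact, since that is what lets the program team reproduce the issue; only the values need to go.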