Common HackerOne Reporting Issues and Solutions
Last updated July 24, 2024
Submitting vulnerability reports on HackerOne is a crucial part of the ethical hacking process, but sometimes you may encounter issues that prevent you from successfully submitting your report. This guide addresses common reporting problems and provides solutions to help you overcome these obstacles.
Common Reporting Issues and Solutions:
- Incorrect Vulnerability Type Selection: Double-check that you've selected the correct vulnerability type from the dropdown menu. Choose the category that most accurately describes the vulnerability you've discovered.
- Insufficient Proof of Concept (PoC): Ensure your PoC provides clear and convincing evidence of the vulnerability. Include detailed steps to reproduce the issue, screenshots, videos, or technical explanations to support your report.
- Lack of Reproducible Steps: Provide clear and detailed steps on how to reproduce the vulnerability. The program team needs to be able to easily replicate the issue to verify its existence and impact.
- Inadequate Report Description: Write a detailed and well-written description of the vulnerability, including the impact it could have and any relevant technical information. Avoid using jargon or overly technical language that might be difficult to understand.
- Sharing Confidential Information: Avoid including sensitive data or confidential information in your report. Focus on providing the necessary technical details to demonstrate the vulnerability without disclosing unnecessary information.
- Missing Program Guidelines: Thoroughly review the program's specific guidelines before submitting your report. Program guidelines outline acceptable reporting methods, reporting requirements, and specific details about the program's scope.
- Reporting Duplicate Issues: Check existing reports to ensure you're not reporting a duplicate issue that's already been addressed.
- Reporting Out-of-Scope Issues: Make sure your report falls within the scope of the program. Refer to the program's scope description to confirm that the reported issue is relevant to the program's objectives.
Was this article helpful?