Merge pull request bugcrowd#528 from bugcrowd/add-missing-templates-2024

Adding missing Templates

submissions/description/application_level_denial_of_service_dos/excessive_resource_consumption/guidance.md

@@ -0,0 +1,7 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. Your submission must include evidence of the vulnerability and not be theoretical in nature.
+
+For a Denial of Service (DoS), please include a simple URL or HTTP payload that can be executed to easily demonstrate and reproduce the issue.
+
+Attempt to escalate the DoS vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC).

submissions/description/application_level_denial_of_service_dos/excessive_resource_consumption/recommendations.md

@@ -0,0 +1,8 @@
+# Recommendation(s)
+
+It is recommended to perform input validation to limit the total request size, and file upload and extension sizes. and, It’s also important to prevent any user input based function or threading interaction. These preventative measures help against application-level DoS attacks.
+
+For more information, refer to the following resources:
+
+- <https://www.bugcrowd.com/glossary/application-level-denial-of-service-dos/>
+- <https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html>

submissions/description/application_level_denial_of_service_dos/excessive_resource_consumption/template.md

@@ -0,0 +1,30 @@
+# Excessive Resource Consumption
+
+## Overview of the Vulnerability
+
+Application-level denial of service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame.
+
+There is an application-level DoS vulnerability within this application that an attacker can use to exhaust resources, making the application unavailable for its designed purpose to legitimate users.
+
+## Business Impact
+
+Application-level DoS can result in indirect financial loss for the business through the attacker’s ability to DoS the application. These malicious actions could also result in reputational damage for the business through the impact to customers’ trust.
+
+## Steps to Reproduce
+
+1. Navigate to {{url}}
+1. Use the following payload:
+
+{{payload}}
+
+1. In the URL, insert the payload into the following parameter:
+
+{{parameter}}
+
+1. Observe that the payload causes a DoS condition
+
+## Proof of Concept (PoC)
+
+The screenshot below demonstrates the vulnerability:
+
+{{screenshot}}

submissions/description/cryptographic_weakness/guidance.md

@@ -0,0 +1,5 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed triage time and result in faster rewards. Please include specific details on where you identified the cryptographic weakness, how you identified it, and what actions you were able to perform as a result.
+
+Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC).

submissions/description/cryptographic_weakness/recommendations.md

@@ -0,0 +1,8 @@
+# Recommendation(s)
+
+Implement strong cryptography and keep up to date algorithms, protocols, and keys in place. Use only trustworthy cryptographic algorithms outlined within security standards and regulations.
+
+For more information, refer to the following resources:
+
+- <https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html>
+- <https://owasp.org/Top10/A02_2021-Cryptographic_Failures/>

submissions/description/cryptographic_weakness/template.md

@@ -0,0 +1,22 @@
+# Cryptographic Weakness
+
+## Overview of the Vulnerability
+
+Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application uses broken, weak, or otherwise flawed cryptography which can allow an attacker to decrypt sensitive information, or otherwise compromise the confidentiality, integrity, or authenticity of data.
+
+## Business Impact
+
+This vulnerability can lead to reputational damage of the company through the impact to customers’ trust, and the ability of an attacker to view data. The severity of the impact to the business is dependent on the sensitivity of the accessible data being transmitted by the application.
+
+## Steps to Reproduce
+
+1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
+1. Setup {{software}} to intercept and log requests
+1. Use a browser to navigate to: {{URL}}
+1. Perform {{action}} to view unencrypted requests
+
+## Proof of Concept (PoC)
+
+The following screenshot(s) demonstrate(s) this vulnerability:
+
+{{screenshot}}

submissions/description/insecure_os_firmware/data_not_encrypted_at_rest/guidance.md

@@ -0,0 +1,5 @@
+# Guidance
+
+Provide a step-by-step walkthrough with screenshots on how you exploited the vulnerability. This will speed up triage time and result in faster rewards. Please include specific details on where you identified the vulnerability, how you identified it, and what actions you were able to perform as a result.
+
+Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC).

submissions/description/insecure_os_firmware/data_not_encrypted_at_rest/recommendations.md

@@ -0,0 +1,3 @@
+# Recommendation(s)
+
+It is recommended to encrypt all data at rest within the device to prevent the data from being viewable by a 3rd party attacker.

submissions/description/insecure_os_firmware/data_not_encrypted_at_rest/template.md

@@ -0,0 +1,23 @@
+# Data Not Encrypted at Rest
+
+## Overview of the Vulnerability
+
+The device stores data that is not encrypted at rest, compromising the confidentiality and integrity of the data. This oversight allows an attacker with physical access to the device to easily access and potentially compromise the sensitive data contained within, exposing personal information, secrets, or credentials.
+
+## Business Impact
+
+The absence of encryption for data at rest on the device poses a significant risk to data confidentiality and integrity. This vulnerability can lead to data breaches, unauthorized access to sensitive information, and potential financial and reputational damages to the organization. It undermines the trust of customers and partners and may result in non-compliance with regulatory requirements related to data protection and privacy.
+
+## Steps to Reproduce
+
+1. Gain physical access to the device and remove the cover as seen in the images below.
+{{screenshot}}
+1. Locate the hard drive on the device, and remove it.
+1. Using a external hard drive caddy, mount the device.
+1. Observe that it is possible to access the filesystem, demonstrating the lack of encryption at rest.
+
+## Proof of Concept (PoC)
+
+The following screenshot(s) demonstrate(s) this vulnerability:
+
+{{screenshot}}

submissions/description/insecure_os_firmware/weakness_in_firmware_updates/guidance.md

@@ -0,0 +1,5 @@
+# Guidance
+
+Provide a step-by-step walkthrough with screenshots on how you exploited the vulnerability. This will speed up triage time and result in faster rewards. Please include specific details on where you identified the vulnerability, how you identified it, and what actions you were able to perform as a result.
+
+Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC).

submissions/description/insecure_os_firmware/weakness_in_firmware_updates/recommendations.md

@@ -0,0 +1,3 @@
+# Recommendation(s)
+
+It is recommended to implement the ability for the firmware to be upgraded on the device, including the use of an automatic update policy which will allow for the patching of future security issues.

submissions/description/insecure_os_firmware/weakness_in_firmware_updates/template.md

@@ -0,0 +1,22 @@
+# Weakness in Firmware Updates
+
+## Overview of the Vulnerability
+
+There is a weakness in firmware updates that leaves the system exposed to unpatched vulnerabilities and security risks. These limitations prevents effective maintenance and security management, rendering the device obsolete against evolving threats. An attacker can leverage the weakness in firmware updates to gain access to sensitive information.
+
+## Business Impact
+
+Weaknesses in firmware updates directly affects operational resilience and security posture, leading to potential system integrity and reliability issues. It can lead to unauthorized access and data breaches, compromising the integrity of the device. The subsequent detection and exploitation of these vulnerabilities can cause significant financial, operational, and reputational damage to the organization, diminishing customer trust and potentially violating regulatory compliance.
+
+## Steps to Reproduce
+
+1. Identify the specific {{Hardware}} model:
+{{Hardware name and model number}}
+2. Check the user interface or official documentation for firmware update options.
+3. Verify the weakness in the firmware update process within the device's settings or configuration portal.
+
+## Proof of Concept (PoC)
+
+The following screenshot(s) demonstrate(s) this vulnerability:
+
+{{screenshot}}

submissions/description/insufficient_security_configurability/guidance.md

@@ -0,0 +1,3 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. Your submission must include evidence of the vulnerability and not be theoretical in nature.

submissions/description/insufficient_security_configurability/recommendations.md

@@ -0,0 +1,5 @@
+# Recommendation(s)
+
+For more information refer to Open Web Application Security Project (OWASP) guide relating to this vulnerability:
+
+- <https://owasp.org/Top10/A05_2021-Security_Misconfiguration/>

submissions/description/insufficient_security_configurability/template.md

@@ -0,0 +1,20 @@
+# Insufficient Security Configurability
+
+## Overview of the Vulnerability
+
+Insufficient security configurability refers to the lack of options or flexibility in configuring security settings within a system or application. This vulnerability may arise from hardcoded security configurations, limited options for customization, or inadequate documentation. Due to this, an attacker can manipulate data and perform actions that appear to originate from a legitimate user.
+
+## Business Impact
+
+This vulnerability can lead to reputational damage and indirect financial loss to the company as customers may view the application as insecure.
+
+## Steps to Reproduce
+
+1. Login to the application at: {{url}}
+2. Perform {{action}} and observe that the security configuration is weak
+
+## Proof of Concept (PoC)
+
+The screenshot(s) below demonstrates the vulnerability:
+
+{{screenshot}}

submissions/description/network_security_misconfiguration/guidance.md

@@ -0,0 +1,3 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. Your submission must include evidence of the vulnerability and not be theoretical in nature.

submissions/description/network_security_misconfiguration/recommendations.md

@@ -0,0 +1,6 @@
+# Recommendation(s)
+
+Disable the user of telnet for the application’s connection to the server. Instead, SSH can be used.
+
+For more information, please see the Open Web Application Security Project (OWASP) guide located at:
+<https://owasp.org/www-community/vulnerabilities/Insecure_Transport>

submissions/description/network_security_misconfiguration/template.md

@@ -0,0 +1,20 @@
+# Network Security Misconfiguration
+
+## Overview of the Vulnerability
+
+Network security misconfigurations can occur in network devices, services, or infrastructure and expose the organization to security risks. This vulnerability was identified due to default settings, inadequate access controls, or improper firewall rules. Due to this, an attacker can perform further attacks on the application, the business, or its users.
+
+## Business Impact
+
+This vulnerability can lead to reputational damage and indirect financial loss to the company through the impact to customers’ trust.
+
+## Steps to Reproduce
+
+1. Issue the following command line in the terminal window: {{command}}
+1. Observe that the network security is bypassed and a connection is successfully established between the client computer and the application
+
+## Proof of Concept (PoC)
+
+The screenshot(s) below demonstrate(s) the vulnerability:
+
+{{screenshot}}

submissions/description/physical_security_issues/weakness_in_physical_access_control/guidance.md

@@ -0,0 +1,5 @@
+# Guidance
+
+Provide a step-by-step walkthrough with screenshots on how you exploited the vulnerability. This will speed up triage time and result in faster rewards. Please include specific details on where you identified the vulnerability, how you identified it, and what actions you were able to perform as a result.
+
+Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC).

submissions/description/physical_security_issues/weakness_in_physical_access_control/recommendations.md

@@ -0,0 +1 @@
+# Recommendation(s)

submissions/description/physical_security_issues/weakness_in_physical_access_control/template.md

@@ -0,0 +1,20 @@
+# Weakness in Physical Access Control
+
+## Overview of the Vulnerability
+
+A weakness has been identified in the physical access controls deployed to secure physical access to facilities, premises, or sensitive areas within an organization. This scenario typically arises from insufficient security measures, such as weak locks, ineffective surveillance, or lack of employee awareness. This vulnerability can result in unauthorized individuals could easily obtain a key to gain access.
+
+## Business Impact
+
+The perceived ease of bypassing such a security measure can damage an organization's reputation, lead to financial losses, and erode customer trust, especially if sensitive information or valuable assets are compromised.
+
+## Steps to Reproduce
+
+1. Looking at the facility, it is possible to identify indications of physical access: {{indicators}}
+1. Perform {{action}} to bypass {{security measure}}
+
+## Proof of Concept (PoC)
+
+The following screenshot(s) demonstrate(s) this vulnerability:
+
+{{screenshot}}

submissions/description/server_side_injection/guidance.md

@@ -0,0 +1,5 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how to access the vulnerable injection point, and how to exploit the vulnerability. Your submission must include evidence of the vulnerability and not be theoretical in nature.
+
+Attempt to escalate the content spoofing vulnerability. If this is possible, provide a full Proof of Concept (PoC).

submissions/description/server_side_injection/recommendations.md

@@ -0,0 +1,7 @@
+# Recommendation(s)
+
+All user input should be sanitized using allow lists (valid characters and code strings), disallow lists ( invalid characters and code strings), and escape sanitizing (elimination of invalid data requests). It is best practice that all user input goes through a validation process which only allows content to be processed by the server if it passes validation.
+
+For more information, view the following resource:
+
+- <https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs>

submissions/description/server_side_injection/template.md

@@ -0,0 +1,24 @@
+# Server-Side Injection
+
+## Overview of the Vulnerability
+
+Server-side injection allows attackers to inject malicious code into server-side scripts. As a result, an attacker is able to manipulate the application to include a malicious script which is executed by the server. This can lead to unauthorized access or manipulation of data.
+
+## Business Impact
+
+The vulnerability can result in data theft and manipulation, and reputational damage for the business as customers' trust is negatively impacted by an attacker’s ability to access and modify data on a server.
+
+## Steps to Reproduce
+
+1. In a browser, navigate to the URL: {{url}}
+1. Identify that the following input field that is vulnerable to injection: {{vulnerable input field}}
+1. Inject the following code into the vulnerable input:
+{{code}}
+1. Submit the form or input data containing the injected code
+1. Observe the response from the server, noticing any unexpected behavior or error messages
+
+## Proof of Concept
+
+The screenshot(s) below demonstrate(s) the vulnerability:
+
+{{screenshot}}