- Reporting Vulnerability
- Receiving Email Notifications
- Claiming Your Submission
- Unsubscribing from Submissions
Researchers can easily submit vulnerability reports within our Customer’s websites and apps to Bugcrowd without signing into Bugcrowd. An example of this embedded form is available at https://www.bugcrowd.com/hackme-external-form/.
The Hack Me program is set up for testing Bugcrowd functionality from a researcher perspective. Vulnerabilities that you submit using the Hack Me embedded form will not be reviewed or triaged. To submit actual vulnerabilities found on Bugcrowd, submit them to the Bugcrowd program and not the Hack Me form.
In the form, provide the vulnerability details such as technical severity, detailed description, vulnerability location, trace/HTTP dump, and any other additional information. You can provide your email address to receive updates for the reported vulnerability and a claim ticket. Later, you can use this claim ticket to log in to Bugcrowd to receive the reward for your submission.
Reporting Vulnerability
To report a vulnerability on an external form found in the wild:
- Fill in the form with the relevant information.

| Field | Sub Field | Details |
| --- | --- | --- |
| Info | | Provide a summary about the vulnerability. |
| Technical severity | | Select the vulnerability type. Based on Bugcrowd’s Vulnerability Rating Taxonomy (VRT), a baseline technical severity rating is assigned. |
| Vulnerability details | URL/Location of vulnerability | Provide the URL or location of the vulnerability. |
| | Description | Provide detailed description about the vulnerability. It can include information such as security impact, replication steps, proof of concept, or any other details. |
| | Trace dump/HTTP request | Specify the trace dump or HTTP request. |
| | Any additional information | Provide additional information that is relevant to the submitted vulnerability. |
| Attachments | | Click Add Attachments and upload images or videos related to the vulnerability. For example, demo of the replication steps, proof-of-concept scripts, screenshots, or any other relevant images or videos. You can attach multiple files (up to five). Each file size must be less than 100MB. |
| Email | | Provide your email address for receiving an email that allows you to claim the submission on . You can provide an email ID that is already registered with Bugcrowd or provide any other email ID. |
| Confirmation | | Select the "I agree to the Bugcrowd terms & conditions as well as any additional rules and instructions provided by the organization hosting this program" option. |

- Click Report Vulnerability.
The Your submission has been received message is displayed along with the submission ID. Also, you will receive an email for claiming your submission.
Receiving Email Notifications
Until you claim your submission, you will receive notification emails from Bugcrowd that inform you about changes to the submission. A notification email is sent when a submission is updated, transitioned (status change), or commented on.
The following image shows a notification email that you will receive when a submission is transitioned to Triaged state.
The following image shows a notification email that you will receive when the submission details are updated.
If you do not want to receive notifications, click unsubscribe. For more information, see unsubscribing from submissions.
Claiming Your Submission
To receive the reward for the submitted vulnerability, perform the following to claim your submission:
- In the email you have received, click Claim the submission.
The Log in to Bugcrowd page is displayed.
- If you already have a Bugcrowd account, enter the email ID and password for that account, and click Log in.
If you do not have a Bugcrowd account, then click create an account. For information about creating an account, see becoming a researcher.
The Claim your reward page is displayed. Also, the Signed in successfully message is displayed.
- Click Claim.
The Successfully claimed message is displayed and you are redirected to the Payments tab.
Claim with a different account: Use this option if you want to use another account to claim your reward. The Log in to Bugcrowd page is displayed. If you already have an account with Bugcrowd, use the same email ID and password. Otherwise, create an account and then log in. For information about creating an account, see becoming a researcher.
Unsubscribing from Submissions
You can unsubscribe from submissions so that you will no longer receive any correspondence or updates.
To unsubscribe from a submission:
- In the email that you have received for claiming your submission, click unsubscribe.
The Unsubscribe from submission page is displayed.
- Select any of the following reasons:
  - This submission was not submitted by me
  - I have no interest in engaging with this submission
  - Other: Provide any other reason
- Click Unsubscribe.
When you unsubscribe from a submission, an activity that includes the unsubscribe reason is added to the submission.