bugcrowd · RRudder · Nov 24, 2023 · Nov 24, 2023 · Nov 24, 2023 · Nov 27, 2023
diff --git a/...ion_level_denial_of_service_dos/app_crash/malformed_android_intents/template.md b/...ion_level_denial_of_service_dos/app_crash/malformed_android_intents/template.md
@@ -2,7 +2,7 @@
 
 ## Overview of the Vulnerability
 
-Application-level denial of service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame.
+Application-level Denial of Service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame.
 
 There is a local application-level DoS vulnerability within this Android application that causes it to crash. An attacker can use this vulnerability to provide empty, malformed, or irregular data via the Intent binding mechanism, crashing the application and making it unavailable for its designed purpose to legitimate users.
 
@@ -12,7 +12,7 @@ Application-level DoS can result in indirect financial loss for the business thr
 
 ## Steps to Reproduce
 
-1. Navigate to {{url}}
+1. Navigate to the following URL: {{url}}
 1. Use the following payload:
 
 {{payload}}
@@ -21,10 +21,10 @@ Application-level DoS can result in indirect financial loss for the business thr
 
 {{parameter}}
 
-1. Observe that the payload causes a denial of service
+1. Observe that the payload causes a Denial of Service
 
 ## Proof of Concept (PoC)
 
-The screenshot below demonstrates the denial of service:
+The screenshot below demonstrates the Denial of Service:
 
 {{screenshot}}
diff --git a/...ion_level_denial_of_service_dos/app_crash/malformed_ios_url_schemes/template.md b/...ion_level_denial_of_service_dos/app_crash/malformed_ios_url_schemes/template.md
@@ -2,7 +2,7 @@
 
 ## Overview of the Vulnerability
 
-Application-level denial of service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame.
+Application-level Denial of Service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame.
 
 There is a local application-level DoS vulnerability within this iOS application that causes it to crash. An attacker can use this vulnerability to provide empty, malformed, or irregular data via a URL scheme, crashing the application and making it unavailable for its designed purpose to legitimate users.
 
@@ -12,7 +12,7 @@ Application-level DoS can result in indirect financial loss for the business thr
 
 ## Steps to Reproduce
 
-1. Navigate to {{url}}
+1. Navigate to the following URL: {{url}}
 1. Use the following payload:
 
 {{payload}}
@@ -21,10 +21,10 @@ Application-level DoS can result in indirect financial loss for the business thr
 
 {{parameter}}
 
-1. Observe that the payload causes a denial of service
+1. Observe that the payload causes a Denial of Service
 
 ## Proof of Concept (PoC)
 
-The screenshot below demonstrates the denial of service:
+The screenshot below demonstrates the Denial of Service:
 
 {{screenshot}}
diff --git a/...sions/description/application_level_denial_of_service_dos/app_crash/template.md b/...sions/description/application_level_denial_of_service_dos/app_crash/template.md
@@ -2,7 +2,7 @@
 
 ## Overview of the Vulnerability
 
-Application-level denial of service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame.
+Application-level Denial of Service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame.
 
 There is an application-level DoS vulnerability within this iOS or Android application that causes it to crash. An attacker can use this vulnerability to exhaust resources, making the application unavailable for its designed purpose to legitimate users.
 
@@ -12,7 +12,7 @@ Application-level DoS can result in indirect financial loss for the business thr
 
 ## Steps to Reproduce
 
-1. Navigate to {{url}}
+1. Navigate to the following URL: {{url}}
 1. Use the following payload:
 
 {{payload}}
@@ -21,10 +21,10 @@ Application-level DoS can result in indirect financial loss for the business thr
 
 {{parameter}}
 
-1. Observe that the payload causes a denial of service that has high impact or medium difficulty to be performed
+1. Observe that the payload causes a Denial of Service that has high impact or medium difficulty to be performed
 
 ## Proof of Concept (PoC)
 
-The screenshot below demonstrates the denial of service:
+The screenshot below demonstrates the Denial of Service:
 
 {{screenshot}}
diff --git a/..._level_denial_of_service_dos/critical_impact_and_or_easy_difficulty/template.md b/..._level_denial_of_service_dos/critical_impact_and_or_easy_difficulty/template.md
@@ -21,7 +21,7 @@ Application-level DoS can result in indirect financial loss for the business thr
 
 {{parameter}}
 
-1. Observe that the payload causes a denial of service that has critical impact or is easy to perform
+1. Observe that the payload causes a Denial of Service that has critical impact or is easy to perform
 
 ## Proof of Concept (PoC)
 

diff --git a/...on_level_denial_of_service_dos/high_impact_and_or_medium_difficulty/template.md b/...on_level_denial_of_service_dos/high_impact_and_or_medium_difficulty/template.md
@@ -21,10 +21,10 @@ Application-level DoS can result in indirect financial loss for the business thr
 
 {{parameter}}
 
-1. Observe that the payload causes a denial of service that has high impact or medium difficulty to be performed
+1. Observe that the payload causes a Denial of Service that has high impact or medium difficulty to be performed
 
 ## Proof of Concept (PoC)
 
-The screenshot below demonstrates proof of the vulnerability:
+The screenshot below demonstrates the Denial of Service:
 
 {{screenshot}}
diff --git a/submissions/description/application_level_denial_of_service_dos/template.md b/submissions/description/application_level_denial_of_service_dos/template.md
@@ -2,7 +2,7 @@
 
 ## Overview of the Vulnerability
 
-Application-level denial of service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame.
+Application-level Denial of Service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame.
 
 There is an application-level DoS vulnerability within this application that an attacker can use to exhaust resources, making the application unavailable for its designed purpose to legitimate users.
 
@@ -12,7 +12,7 @@ Application-level DoS can result in indirect financial loss for the business thr
 
 ## Steps to Reproduce
 
-1. Navigate to {{url}}
+1. Navigate to the following URL: {{url}}
 1. Use the following payload:
 
 {{payload}}
@@ -21,10 +21,10 @@ Application-level DoS can result in indirect financial loss for the business thr
 
 {{parameter}}
 
-1. Observe that the payload causes a denial of service
+1. Observe that the payload causes a Denial of Service
 
 ## Proof of Concept (PoC)
 
-The screenshot below demonstrates the denial of service:
+The screenshot below demonstrates the Denial of Service:
 
 {{screenshot}}
diff --git a/.../idor/edit_delete_sensitive_information_iterable_object_identifiers/template.md b/.../idor/edit_delete_sensitive_information_iterable_object_identifiers/template.md
@@ -13,18 +13,18 @@ IDOR can lead to reputational damage for the business through the impact to cust
 1. Use a browser to navigate to: {{URL}}
 1. Login to User Account A
 1. In the URL bar, modify the parameter to a different value:
-
-{{eg.<https://example.com/parameter(UserAccountB)>}}
+>
+> {{eg.<https://example.com/parameter(UserAccountB)>}}
 
 1. Observe that the application displays information of User Account B, as seen in the screenshot below:  
-
-{{screenshot}}
+>
+> {{screenshot}}
 
 ## Proof of Concept (PoC)
 
 Below is a screenshot demonstrating the exposed object executing:
-
-{{screenshot}}
+>
+> {{screenshot}}
 
 A malicious attacker could leverage this IDOR vulnerability to read data by using the following payload:  
 
@@ -33,5 +33,5 @@ A malicious attacker could leverage this IDOR vulnerability to read data by usin
 ```
 
 The following screenshot(s) demonstrate(s) this additional impact:
-
-{{screenshot}}
+>
+> {{screenshot}}
diff --git a/...oken_access_control/idor/read_edit_delete_non_sensitive_information/template.md b/...oken_access_control/idor/read_edit_delete_non_sensitive_information/template.md
@@ -13,18 +13,18 @@ IDOR can result in reputational damage for the business through the impact to cu
 1. Use a browser to navigate to: {{URL}}
 1. Login to User Account A
 1. In the URL bar, modify the parameter to a different value:
-
-{{eg.<https://example.com/parameter(UserAccountB)>}}
+>
+> {{eg.<https://example.com/parameter(UserAccountB)>}}
 
 1. Observe that the application displays information of User Account B, as seen in the screenshot below:  
-
-{{screenshot}}
+>
+> {{screenshot}}
 
 ## Proof of Concept (PoC)
 
 Below is a screenshot demonstrating the exposed object executing:
-
-{{screenshot}}
+>
+> {{screenshot}}
 
 An attacker could leverage this IDOR vulnerability to extract data by using the following payload:  
 
@@ -33,5 +33,5 @@ An attacker could leverage this IDOR vulnerability to extract data by using the
 ```
 
 The following screenshot(s) demonstrate(s) this vulnerability:
-
-{{screenshot}}
+>
+> {{screenshot}}
diff --git a/...ken_access_control/idor/read_edit_delete_sensitive_information_guid/template.md b/...ken_access_control/idor/read_edit_delete_sensitive_information_guid/template.md
@@ -13,18 +13,18 @@ IDOR can lead to reputational damage for the business through the impact to cust
 1. Use a browser to navigate to: {{URL}}
 1. Login to User Account A
 1. In the URL bar, modify the parameter to a different value:
-
-{{eg.<https://example.com/parameter(UserAccountB)>}}
+>
+> {{eg.<https://example.com/parameter(UserAccountB)>}}
 
 1. Observe that the application displays information of User Account B, as seen in the screenshot below:  
-
-{{screenshot}}
+>
+> {{screenshot}}
 
 ## Proof of Concept (PoC)
 
 Below is a screenshot demonstrating the exposed object executing:
-
-{{screenshot}}
+>
+> {{screenshot}}
 
 A malicious attacker could leverage this IDOR vulnerability to extract data by using the following payload:  
 
@@ -33,5 +33,5 @@ A malicious attacker could leverage this IDOR vulnerability to extract data by u
 ```
 
 The following screenshot(s) demonstrate(s) this additional impact:
-
-{{screenshot}}
+>
+> {{screenshot}}
diff --git a/.../read_edit_delete_sensitive_information_iterable_object_identifiers/template.md b/.../read_edit_delete_sensitive_information_iterable_object_identifiers/template.md
@@ -13,18 +13,18 @@ IDOR can lead to reputational damage for the business through the impact to cust
 1. Use a browser to navigate to: {{URL}}
 1. Login to User Account A
 1. In the URL bar, modify the parameter to a different value:
-
-{{eg.<https://example.com/parameter(UserAccountB)>}}
+>
+> {{eg.<https://example.com/parameter(UserAccountB)>}}
 
 1. Observe that the application displays information of User Account B, as seen in the screenshot below:  
-
-{{screenshot}}
+>
+> {{screenshot}}
 
 ## Proof of Concept (PoC)
 
 Below is a screenshot demonstrating the exposed object executing:
-
-{{screenshot}}
+>
+> {{screenshot}}
 
 A malicious attacker could leverage this IDOR vulnerability to read PII by using the following payload:  
 
@@ -33,5 +33,5 @@ A malicious attacker could leverage this IDOR vulnerability to read PII by using
 ```
 
 The following screenshot(s) demonstrate(s) this additional impact:
-
-{{screenshot}}
+>
+> {{screenshot}}
diff --git a/...control/idor/read_sensitive_information_iterable_object_identifiers/template.md b/...control/idor/read_sensitive_information_iterable_object_identifiers/template.md
@@ -13,18 +13,18 @@ IDOR can lead to reputational damage for the business through the impact to cust
 1. Use a browser to navigate to: {{URL}}
 1. Login to User Account A
 1. In the URL bar, modify the parameter to a different value:
-
-{{eg.<https://example.com/parameter(UserAccountB)>}}
+>
+> {{eg.<https://example.com/parameter(UserAccountB)>}}
 
 1. Observe that the application displays information of User Account B, as seen in the screenshot below:  
-
-{{screenshot}}
+>
+> {{screenshot}}
 
 ## Proof of Concept (PoC)
 
 Below is a screenshot demonstrating the exposed object executing:
-
-{{screenshot}}
+>
+> {{screenshot}}
 
 A malicious attacker could leverage this IDOR vulnerability to read data by using the following payload:  
 
@@ -33,5 +33,5 @@ A malicious attacker could leverage this IDOR vulnerability to read data by usin
 ```
 
 The following screenshot(s) demonstrate(s) this additional impact:
-
-{{screenshot}}
+>
+> {{screenshot}}
diff --git a/submissions/description/broken_access_control/idor/template.md b/submissions/description/broken_access_control/idor/template.md
@@ -13,18 +13,18 @@ IDOR can lead to indirect financial loss through an attacker accessing, deleting
 1. Use a browser to navigate to: {{URL}}
 1. Login to User Account A
 1. In the URL bar, modify the parameter to a different value:
-
-{{eg.<https://example.com/parameter(UserAccountB)>}}
+>
+> {{eg.<https://example.com/parameter(UserAccountB)>}}
 
 1. Observe that the application displays information of User Account B, as seen in the screenshot below:  
-
-{{screenshot}}
+>
+> {{screenshot}}
 
 ## Proof of Concept (PoC)
 
 Below is a screenshot demonstrating the exposed object executing:
-
-{{screenshot}}
+>
+> {{screenshot}}
 
 A malicious attacker could leverage this IDOR vulnerability to extract data by using the following payload:  
 

diff --git a/...ryptographic_weakness/insufficient_entropy/small_seed_space_in_prng/template.md b/...ryptographic_weakness/insufficient_entropy/small_seed_space_in_prng/template.md
@@ -2,7 +2,7 @@
 
 ## Overview of the Vulnerability
 
-A Pseudo-Random Number Generator (PRNG) uses an initial seed value to generate random number through a complex algorithm. When this seed value is small in size, it is possible to bruteforce all possible seeed values. An attacker who can guess the seed value can predict or guess the random numbers generated by the PRNG. This can lead to unauthorized access if that seed value is used for authorization and authentication.
+A Pseudo-Random Number Generator (PRNG) uses an initial seed value to generate random number through a complex algorithm. When this seed value is small in size, it is possible to bruteforce all possible seed values. An attacker who can guess the seed value can predict or guess the random numbers generated by the PRNG. This can lead to unauthorized access if that seed value is used for authorization and authentication.
 
 ## Business Impact
 

diff --git a/...ons/description/external_behavior/user_password_persisted_in_memory/template.md b/...ons/description/external_behavior/user_password_persisted_in_memory/template.md
@@ -12,7 +12,7 @@ This vulnerability can lead to reputational damage for the business due to a los
 
 1. Utilize some software that allows computer memory to be accessed in a human-readable format
 1. Log in to the application
-1. Navigate to {{url}} and perform {{action}}
+1. Navigate to the following URL: {{url}} and perform {{action}}
 1. Cease using the application
 1. Using the computer memory viewer, view the password of the user that remained in memory after use
 

diff --git a/...cure_data_storage/non_sensitive_application_data_stored_unencrypted/template.md b/...cure_data_storage/non_sensitive_application_data_stored_unencrypted/template.md
@@ -12,7 +12,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 
 1. Login to the application and input data so that it is stored by the application
 1. Navigate to where the application stores the gathered information
-1. Navigate to {{url}}
+1. Navigate to the following URL: {{url}}
 1. Observe the application data that is stored unencrypted
 
 ## Proof of Concept (PoC)

diff --git a/submissions/description/insecure_data_storage/template.md b/submissions/description/insecure_data_storage/template.md
@@ -12,7 +12,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 
 1. Login to the application and input data so that it is stored by the application
 1. Navigate to where the application stores the gathered information
-1. Navigate to {{url}}
+1. Navigate to the following URL: {{url}}
 1. Observe the application data that is stored unencrypted
 
 ## Proof of Concept (PoC)

diff --git a/submissions/description/insecure_os_firmware/command_injection/template.md b/submissions/description/insecure_os_firmware/command_injection/template.md
@@ -7,7 +7,7 @@ When Operating System (OS) firmware is insecure, it broadens the application’s
 
 ## Business Impact
 
-This vulnerability can lead to direct financial loss to the company due to data theft, application manipulation and corruption, or denial of service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure.
+This vulnerability can lead to direct financial loss to the company due to data theft, application manipulation and corruption, or Denial of Service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure.
 
 ## Steps to Reproduce
 

diff --git a/...ription/insecure_os_firmware/hardcoded_password/non_privileged_user/template.md b/...ription/insecure_os_firmware/hardcoded_password/non_privileged_user/template.md
@@ -8,7 +8,7 @@ A hard-coded password for a non-privileged user was identified in the source cod
 
 ## Business Impact
 
-This vulnerability can lead to direct financial loss to the company due to data theft, application manipulation and corruption, or denial of service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure.
+This vulnerability can lead to direct financial loss to the company due to data theft, application manipulation and corruption, or Denial of Service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure.
 
 ## Steps to Reproduce
 

diff --git a/...description/insecure_os_firmware/hardcoded_password/privileged_user/template.md b/...description/insecure_os_firmware/hardcoded_password/privileged_user/template.md
@@ -8,7 +8,7 @@ A hard-coded password for a privileged user was identified in the source code of
 
 ## Business Impact
 
-This vulnerability can lead to direct financial loss to the company due to data theft, application manipulation and corruption, or denial of service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure.
+This vulnerability can lead to direct financial loss to the company due to data theft, application manipulation and corruption, or Denial of Service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure.
 
 ## Steps to Reproduce