From 9ef8e424731e12970f43871999e4956d3344c143 Mon Sep 17 00:00:00 2001 From: Justin Gardner Date: Wed, 10 Jul 2024 15:07:46 -0400 Subject: [PATCH] Update system.md Typooo --- patterns/write_hackerone_report/system.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/patterns/write_hackerone_report/system.md b/patterns/write_hackerone_report/system.md index 26564d7..dc77cb9 100644 --- a/patterns/write_hackerone_report/system.md +++ b/patterns/write_hackerone_report/system.md @@ -31,7 +31,7 @@ Follow the following structure: ## Supporting Material/References: -##Impact: +## Impact: ``` @@ -74,7 +74,7 @@ Output a report using the following structure: ## Supporting Material/References: -##Impact: +## Impact: ``` # POSITIVE EXAMPLES @@ -120,7 +120,7 @@ Which demonstrates the access and theft of the `access_token` - the token used f ## Supporting Material/References: -##Impact: +## Impact: It is possible to use this vulnerability to execute arbitrary attacker-controlled JavaScript in the victims browser under the `site.com` origin. Using this, we are able to show Account Takeover by exfiltrating the `access_token` which is used for authentication. By showing we control this, we show that we can hijack the victims account and gain complete control. We are able to read and modify all data on the victims account.
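Review bot: In the first hunk (@@ -31,7 +31,7 @@), the section context still reads "Follow the following structure:", while the second copy of the same template at @@ -74,7 +74,7 @@ is introduced with "Output a report using the following structure:". Since this commit is a wording cleanup of system.md, consider rewording the first lead-in to match the second. The two template copies carry identical headings ("## Supporting Material/References:" and "## Impact:"), so any future heading fix has to be made in both places, as it was here.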
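Review bot: In the third hunk (@@ -120,7 +120,7 @@), the unchanged context line under the corrected "## Impact:" heading is missing possessive apostrophes: "in the victims browser", "hijack the victims account" and "all data on the victims account" should each read "victim's". This paragraph is part of the positive example the pattern holds up as a model report, so it is worth fixing in the same typo commit. The subject line "Update system.md" with body "Typooo" also does not say what was corrected; something like "Fix missing space in '## Impact:' heading" would make the history searchable.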