Writeup Template
Writeup template v0 — minimum-reproducer PoC, severity justification, invariant violated, reconstructable methodology.
Template for every published writeup. Fill in-place. Keep it terse, keep it reproducible, keep it defensible.
Metadata
- Target: <vendor / program / asset>
- Platform: <HackerOne / Bugcrowd / Intigriti / YesWeHack / vendor-direct / audit contest>
- Class: <CWE / OWASP category>
- Severity: <CVSS v4 score + vector>
- Reported: <YYYY-MM-DD>
- Resolved: <YYYY-MM-DD>
- Disclosed: <YYYY-MM-DD>
- CVE: <CVE-YYYY-NNNNN, if assigned>
- Bounty: <amount, if public>
Summary
One paragraph. Affected component, what the bug allowed, why it mattered.
Environment
Everything a reader needs to reproduce. Target version, dependencies, auth state, test account notes. No placeholders.
The invariant that was violated
One sentence. What the vendor assumed that the bug broke. This is the spine of the writeup — if it is vague, the writeup is vague.
Minimum reproducer
Shortest request / payload / script that demonstrates the bug. No stacktraces, no noise, no stringing together unrelated findings.
<PoC here>
Impact
What an attacker could do. Concrete, not hyperbolic. Tied to the invariant.
Root cause
Where in the code or config the assumption broke. Cite the file and line if the source is public, describe the logic if it is not.
Methodology
How the bug was found. Reconstructable — the point is that a reader could replicate the process, not just the PoC. Recon path, tooling, hypotheses tested, dead ends logged honestly.
Timeline
- <YYYY-MM-DD> — reported
- <YYYY-MM-DD> — triaged
- <YYYY-MM-DD> — patched
- <YYYY-MM-DD> — disclosed
Credit
Coordinated-disclosure thanks. Vendor security team, any collaborators, anyone who influenced the research path.