---
title: Writeup Template
description: Writeup template v0 — minimum-reproducer PoC, severity justification, invariant violated, reconstructable methodology.
section: craft
tags: [craft, writeups, template]
genre: reference
stability: draft
lastUpdated: 2026-04-21
url: https://fardiniqbal.com/docs/craft/writeups/template
---


Template for every published writeup. Fill in-place. Keep it terse,
keep it reproducible, keep it defensible.

## Metadata [#metadata]

* **Target:** `<vendor / program / asset>`
* **Platform:** `<HackerOne / Bugcrowd / Intigriti / YesWeHack / vendor-direct / audit contest>`
* **Class:** `<CWE / OWASP category>`
* **Severity:** `<CVSS v4 score + vector>`
* **Reported:** `<YYYY-MM-DD>`
* **Resolved:** `<YYYY-MM-DD>`
* **Disclosed:** `<YYYY-MM-DD>`
* **CVE:** `<CVE-YYYY-NNNNN, if assigned>`
* **Bounty:** `<amount, if public>`

## Summary [#summary]

One paragraph. Affected component, what the bug allowed, why it mattered.

## Environment [#environment]

Everything a reader needs to reproduce. Target version, dependencies, auth
state, test account notes. No placeholders.

## The invariant that was violated [#the-invariant-that-was-violated]

One sentence. What the vendor assumed that the bug broke. This is the spine
of the writeup — if it is vague, the writeup is vague.

## Minimum reproducer [#minimum-reproducer]

Shortest request / payload / script that demonstrates the bug. No
stack traces, no noise, no stringing together unrelated findings.

```
<PoC here>
```

## Impact [#impact]

What an attacker could do. Concrete, not hyperbolic. Tied to the invariant.

## Root cause [#root-cause]

Where in the code or config the assumption broke. Cite the file and line if
the source is public, describe the logic if it is not.

## Methodology [#methodology]

How the bug was found. Reconstructable — the point is that a reader could
replicate the process, not just the PoC. Recon path, tooling, hypotheses
tested, dead ends logged honestly.

## Timeline [#timeline]

* `<YYYY-MM-DD>` — reported
* `<YYYY-MM-DD>` — triaged
* `<YYYY-MM-DD>` — patched
* `<YYYY-MM-DD>` — disclosed

## Credit [#credit]

Coordinated-disclosure thanks. Vendor security team, any collaborators,
anyone who influenced the research path.
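
A pre-publish check for a writeup filled in from this template, added here as an example and not part of the original template: it flags missing sections, empty metadata, leftover `<...>` slots outside code fences, and timeline dates that are invalid or out of order. The name `lint_writeup`, the choice of required fields, and the oldest-to-newest timeline rule are assumptions.

```python
import re
from datetime import date

# Section headings and metadata fields as they appear in the template above.
SECTIONS = ["Metadata", "Summary", "Environment", "The invariant that was violated",
            "Minimum reproducer", "Impact", "Root cause", "Methodology", "Timeline", "Credit"]
# CVE and Bounty are "if assigned" / "if public" in the template, so they may be absent.
REQUIRED_META = ["Target", "Platform", "Class", "Severity", "Reported", "Resolved", "Disclosed"]
PLACEHOLDER = re.compile(r"<[^<>\n]*>")  # heuristic for an unfilled slot like <YYYY-MM-DD>

def lint_writeup(text):
    """Return a list of problems in a filled-in writeup; an empty list means none found."""
    problems = []
    heads = re.findall(r"^## (.+?)(?: \[#[\w-]+\])?[ \t]*$", text, re.M)
    problems += [f"missing section: {s}" for s in SECTIONS if s not in heads]
    if [h for h in heads if h in SECTIONS] != [s for s in SECTIONS if s in heads]:
        problems.append("sections out of template order")
    meta = dict(re.findall(r"^\* \*\*(\w+):\*\*[ \t]*(.*)$", text, re.M))
    for field in REQUIRED_META:
        if not meta.get(field, "").strip("` "):
            problems.append(f"metadata field missing or empty: {field}")
    # Angle brackets inside a fenced PoC are payload, not template slots, so skip fences.
    fenced = False
    for n, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("```"):
            fenced = not fenced
        elif (not fenced and PLACEHOLDER.search(line)) or line.strip() == "<PoC here>":
            problems.append(f"line {n}: unfilled placeholder")
    # Assumption: timeline bullets start with the date and run oldest to newest.
    days = []
    for raw in re.findall(r"^\* `?(\d{4}-\d{2}-\d{2})`? ", text, re.M):
        try:
            days.append(date.fromisoformat(raw))
        except ValueError:
            problems.append(f"invalid date: {raw}")
    if days != sorted(days):
        problems.append("timeline dates out of order")
    return problems

if __name__ == "__main__":
    # Constructed sample: all headings present, metadata missing, one slot left, dates reversed.
    sample = "\n".join(f"## {s}\n\nfilled\n" for s in SECTIONS)
    sample += "\n* `2025-03-01` - reported\n* `2025-02-01` - patched\n* **CVE:** `<CVE-YYYY-NNNNN, if assigned>`\n"
    for problem in lint_writeup(sample):
        print(problem)
```

The placeholder pattern is a heuristic: literal angle-bracket text in prose outside a code fence is reported too, so keep payload fragments inside fences.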
