I need an example of what a valid PoC is for bounty

[Excellencedev]

Just need an example of this. That's all. Cu I don't understand what is valid and what is "mock"

[bad-antics]

Here's a concrete example of what a valid PoC (Proof of Concept) looks like for a nuclei template bounty submission vs a "mock" one:

Valid PoC Example

A valid PoC demonstrates that the template actually detects a real vulnerability on a live (or lab) target. You need:

1. The template YAML file
2. Evidence it works against a real target

Example: CVE-2023-22515 (Atlassian Confluence Auth Bypass)

Template (CVE-2023-22515.yaml):

id: CVE-2023-22515

info:
  name: Atlassian Confluence - Authentication Bypass
  author: your-username
  severity: critical
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-22515

http:
  - method: GET
    path:
      - "{{BaseURL}}/server-info.action"
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Server Information"
          - "Confluence"
        condition: and
      - type: status
        status:
          - 200

PoC Evidence (run output):

$ nuclei -t CVE-2023-22515.yaml -u https://vulnerable-target.example.com -v

[CVE-2023-22515] [http] [critical] https://vulnerable-target.example.com/server-info.action

What makes this valid:

• Shows the actual nuclei command used
• Shows the template matched against a real target
• The output includes the template ID, severity, and matched URL
• You can optionally include a screenshot or the -debug output

What a "Mock" / Invalid PoC Looks Like

These will get rejected:

• Just a template file with no proof it works - "here's my template, trust me it works"
• Testing against httpbin.org or example.com - not a real vulnerable target
• Fabricated output - manually typed nuclei output without actually running it
• Template that matches too broadly - e.g., just checking if a server returns 200

How to Create a Valid PoC

1. Set up a lab target: Use Docker to spin up a vulnerable version of the software:

   # Example: vulnerable Confluence
   docker run -p 8090:8090 atlassian/confluence:8.5.1

2. Run your template against it:

   nuclei -t your-template.yaml -u http://localhost:8090 -debug

3. Capture the output as your PoC evidence

4. Include the debug output which shows the full HTTP request/response:

   nuclei -t your-template.yaml -u http://localhost:8090 -debug -v 2>&1 | tee poc-output.txt

Bounty Submission Format

Template: CVE-XXXX-XXXXX.yaml
Target: http://localhost:8090 (Docker: image:tag)
Command: nuclei -t CVE-XXXX-XXXXX.yaml -u http://localhost:8090 -debug
Result: [attached output/screenshot]

This shows the reviewer that the template actually works against a real vulnerable instance.

[bad-antics]

Here's a concrete example of what a valid PoC (Proof of Concept) looks like for a nuclei template bounty submission vs a "mock" one:

Valid PoC Example

A valid PoC demonstrates that the template actually detects a real vulnerability on a live (or lab) target. You need:

1. The template YAML file
2. Evidence it works against a real target

Example: CVE-2023-22515 (Atlassian Confluence Auth Bypass)

Template (CVE-2023-22515.yaml):

id: CVE-2023-22515

info:
  name: Atlassian Confluence - Authentication Bypass
  author: your-username
  severity: critical
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-22515

http:
  - method: GET
    path:
      - "{{BaseURL}}/server-info.action"
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Server Information"
          - "Confluence"
        condition: and
      - type: status
        status:
          - 200

PoC Evidence (run output):

$ nuclei -t CVE-2023-22515.yaml -u https://vulnerable-target.example.com -v

[CVE-2023-22515] [http] [critical] https://vulnerable-target.example.com/server-info.action

What makes this valid:

• Shows the actual nuclei command used
• Shows the template matched against a real target
• The output includes the template ID, severity, and matched URL
• You can optionally include a screenshot or the -debug output

What a "Mock" / Invalid PoC Looks Like

These will get rejected:

• Just a template file with no proof it works - "here's my template, trust me it works"
• Testing against httpbin.org or example.com - not a real vulnerable target
• Fabricated output - manually typed nuclei output without actually running it
• Template that matches too broadly - e.g., just checking if a server returns 200

How to Create a Valid PoC

1. Set up a lab target: Use Docker to spin up a vulnerable version of the software:

   # Example: vulnerable Confluence
   docker run -p 8090:8090 atlassian/confluence:8.5.1

2. Run your template against it:

   nuclei -t your-template.yaml -u http://localhost:8090 -debug

3. Capture the output as your PoC evidence

4. Include the debug output which shows the full HTTP request/response:

   nuclei -t your-template.yaml -u http://localhost:8090 -debug -v 2>&1 | tee poc-output.txt

Bounty Submission Format

Template: CVE-XXXX-XXXXX.yaml
Target: http://localhost:8090 (Docker: image:tag)
Command: nuclei -t CVE-XXXX-XXXXX.yaml -u http://localhost:8090 -debug
Result: [attached output/screenshot]

This shows the reviewer that the template actually works against a real vulnerable instance.