OSWE Exam Report Work

"I found an SQLi in the search bar." The fix: "In search.php lines 12-15, the code concatenates $_GET['q'] directly into the query. See Appendix A for the full source dump."

Do not waste precious exam time designing a layout from scratch. Have a professional markdown or LaTeX template configured and tested before your exam day.

You must include the code you wrote to automate the exploitation.

3. OSWE Report Work Checklist: Key Requirements

: If a step requires a specific state (e.g., a certain user being logged in), explicitly document how to reach that state.

Stick to standard fonts (Arial, Calibri, or Liberation Sans) if using a word processor.

If you are looking for the official documentation regarding this, it is found in the provided to students upon enrollment. The "report work" is the mechanism by which candidates convert their technical findings into a pass/fail result.

Walk the grader through the manual exploitation process. Use a combination of text, HTTP request/response blocks, and screenshots. A reader should be able to replicate your exact steps perfectly without your code.

4. Remediation Advice

Based on reviews from OffSec and experienced students, keep these tips in mind:

For every vulnerability found, provide a concrete remediation strategy. Do not just write "update the software."