HTTP Request → index.php (router) → Controller/userController.php (line 40) → calls render() in Template.php (line 88) → uses eval() on user input.

This shows the grader you understand the application architecture, not just the one vulnerable line. When you paste a code snippet, annotate the vulnerable lines with comments.

"I ran curl http://target/shell.php" Good example:
The OSWE exam report is not an afterthought; it is 50% of the exam. No matter how elegant your Python exploit script or how deep your static code analysis, if your report is unclear, incomplete, or fails to meet Offensive Security’s rigorous standards, you will see the dreaded "Fail" status.
This article is a deep dive into everything you need to know about the OSWE exam report. We will cover structure, common pitfalls, the "reproduction steps" nightmare, automation, and the exact checklist to use before you hit "submit." Before we discuss formatting, let's discuss psychology. Offensive Security exams (OSCP, OSWP, OSWE, OSEP) are unique because they simulate a real-world consultant’s workflow.