How to avoid Manual Checking?

Questions or requests about submissions
Post Reply
m00nr4c00n
Posts:9
Joined:Thu Sep 14, 2017 10:13 pm
How to avoid Manual Checking?

Post by m00nr4c00n » Sun Jul 14, 2019 6:24 pm

I have submitted a bunch of sites, and basically all of them went from pending to Manual
Checking.
As I understand it, there is supposed to be some sort of automatic verification.
How can I improve my submissions so that they have a higher chance of being automatically approved?
It didnt seem to make a difference when I posted the straight url including payload vs url + POST parameters x=payload

Manual verification sounds like kind of a pain for the moderators.. so if I can make less of those it would be great!
Tips and tricks appreciated!

User avatar
x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: How to avoid Manual Checking?

Post by x1admin » Mon Jul 15, 2019 10:41 am

1. use <script>alert("OPENBUGBOUNTY");</script> payload
2. don't write anything into POST Data input for GET requests

crazyga10332314
Posts:1
Joined:Mon Jul 15, 2019 7:10 pm

Re: How to avoid Manual Checking?

Post by crazyga10332314 » Mon Jul 15, 2019 7:15 pm

I'm new here, thanks very useful.

m00nr4c00n
Posts:9
Joined:Thu Sep 14, 2017 10:13 pm

Re: How to avoid Manual Checking?

Post by m00nr4c00n » Thu Jul 18, 2019 8:25 am

I usually go with <svg onload=alert`OPENBUGBOUNTY`> (using the ` around OBB instead of ")
It fires more times than with script and (" But Ill make sure to try out the old trusty script alert you posted when success is identified!
Thanks for input!

m00nr4c00n
Posts:9
Joined:Thu Sep 14, 2017 10:13 pm

Re: How to avoid Manual Checking?

Post by m00nr4c00n » Sat Jul 20, 2019 10:34 pm

Just to add some more input into this:
When I copy from the url bar and paste it into the report field my payload becomes this ->
domain/?s=%22%3E%3Csvg%20onload=alert`OPENBUGBOUNTY`%3E
which makes it into a "manual check"
when I post a straight domain/?s="><svg onload=alert`OPENBUGBOUNTY`> it auto checks.

maybe it would be possible to add a little decoder button under the URL1 field? just to make it easier?
something like ->

<script type="text/javascript">
function decode() {
var obj = document.getElementById('url1');
var encoded = obj.value;
obj.value = decodeURIComponent(encoded.replace(/\+/g, " "));
}
</script>
<input type="button" onclick="decode()" value="Decode">

Should be able to decrease the amount of manual checks right?

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests