Wildcard in Website (URL) Field

Questions or suggestions about the platform
Post Reply
metamorfosec_id
Posts:269
Joined:Mon Apr 30, 2018 7:35 am
Wildcard in Website (URL) Field

Post by metamorfosec_id » Fri Jun 07, 2019 1:25 pm

Hello..,

I see today OpenBugBounty uses exact domain name for Website (URL) Field, no wildcard again.

I think wildcard is good to minimize any duplicate submissions.

For example:

I want to submit example.com?q=[xss_payload]. With wildcard, I can check similar submissions if any simply with *example.com. Without wildcard, I need more time to check and may no accurate in result. How if other researchers already submitted with subdomain, but same vulnerable parameter, such as [country_code].example.com?q=[xss_payload]?

I am afraid if no wildcard again, it will increase (1) rejected submissions due to clone reason, or (2) requests to delete duplicate submissions.

User avatar
x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: Wildcard in Website (URL) Field

Post by x1admin » Sat Jun 08, 2019 11:57 am

metamorfosec_id wrote:
Fri Jun 07, 2019 1:25 pm
Hello..,

I see today OpenBugBounty uses exact domain name for Website (URL) Field, no wildcard again.

I think wildcard is good to minimize any duplicate submissions.

For example:

I want to submit example.com?q=[xss_payload]. With wildcard, I can check similar submissions if any simply with *example.com. Without wildcard, I need more time to check and may no accurate in result. How if other researchers already submitted with subdomain, but same vulnerable parameter, such as [country_code].example.com?q=[xss_payload]?

I am afraid if no wildcard again, it will increase (1) rejected submissions due to clone reason, or (2) requests to delete duplicate submissions.
We deleted wildcard because it make very high load to our systems

wanwanjiajia
Posts:1
Joined:Thu Sep 12, 2019 8:05 am

Re: Wildcard in Website (URL) Field

Post by wanwanjiajia » Tue Sep 17, 2019 7:10 am

Are there other ways(like API..) to search by wildcard in URL Field?
We want to know how many websites in my company are disclosed to be vulnerable.
And we can fix these as soon as possible.

User avatar
x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: Wildcard in Website (URL) Field

Post by x1admin » Tue Sep 17, 2019 7:57 am

wanwanjiajia wrote:
Tue Sep 17, 2019 7:10 am
Are there other ways(like API..) to search by wildcard in URL Field?
We want to know how many websites in my company are disclosed to be vulnerable.
And we can fix these as soon as possible.
Hello, no
But for website owners with verified domains we provide api and with this api you can monitor all your domains

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests