Hello..,
I see today OpenBugBounty uses exact domain name for Website (URL) Field, no wildcard again.
I think wildcard is good to minimize any duplicate submissions.
For example:
I want to submit example.com?q=[xss_payload]. With wildcard, I can check similar submissions if any simply with *example.com. Without wildcard, I need more time to check and may no accurate in result. How if other researchers already submitted with subdomain, but same vulnerable parameter, such as [country_code].example.com?q=[xss_payload]?
I am afraid if no wildcard again, it will increase (1) rejected submissions due to clone reason, or (2) requests to delete duplicate submissions.
Wildcard in Website (URL) Field
Re: Wildcard in Website (URL) Field
We deleted wildcard because it make very high load to our systemsmetamorfosec_id wrote: ↑Fri Jun 07, 2019 1:25 pmHello..,
I see today OpenBugBounty uses exact domain name for Website (URL) Field, no wildcard again.
I think wildcard is good to minimize any duplicate submissions.
For example:
I want to submit example.com?q=[xss_payload]. With wildcard, I can check similar submissions if any simply with *example.com. Without wildcard, I need more time to check and may no accurate in result. How if other researchers already submitted with subdomain, but same vulnerable parameter, such as [country_code].example.com?q=[xss_payload]?
I am afraid if no wildcard again, it will increase (1) rejected submissions due to clone reason, or (2) requests to delete duplicate submissions.
-
- Posts:1
- Joined:Thu Sep 12, 2019 8:05 am
Re: Wildcard in Website (URL) Field
Are there other ways(like API..) to search by wildcard in URL Field?
We want to know how many websites in my company are disclosed to be vulnerable.
And we can fix these as soon as possible.
We want to know how many websites in my company are disclosed to be vulnerable.
And we can fix these as soon as possible.
Re: Wildcard in Website (URL) Field
Hello, nowanwanjiajia wrote: ↑Tue Sep 17, 2019 7:10 amAre there other ways(like API..) to search by wildcard in URL Field?
We want to know how many websites in my company are disclosed to be vulnerable.
And we can fix these as soon as possible.
But for website owners with verified domains we provide api and with this api you can monitor all your domains
Who is online
Users browsing this forum: No registered users and 2 guests