Open Bug Bounty Community Forum

metamorfosec_id wrote: ↑

Fri Jun 07, 2019 1:25 pm

Hello..,

I see today OpenBugBounty uses exact domain name for Website (URL) Field, no wildcard again.

I think wildcard is good to minimize any duplicate submissions.

For example:

I want to submit example.com?q=[xss_payload]. With wildcard, I can check similar submissions if any simply with *example.com. Without wildcard, I need more time to check and may no accurate in result. How if other researchers already submitted with subdomain, but same vulnerable parameter, such as [country_code].example.com?q=[xss_payload]?

I am afraid if no wildcard again, it will increase (1) rejected submissions due to clone reason, or (2) requests to delete duplicate submissions.

wanwanjiajia wrote: ↑

Tue Sep 17, 2019 7:10 am

Are there other ways(like API..) to search by wildcard in URL Field?
We want to know how many websites in my company are disclosed to be vulnerable.
And we can fix these as soon as possible.