Wildcard in Website (URL) Field
Posted: Fri Jun 07, 2019 1:25 pm
Hello..,
I see today OpenBugBounty uses exact domain name for Website (URL) Field, no wildcard again.
I think wildcard is good to minimize any duplicate submissions.
For example:
I want to submit example.com?q=[xss_payload]. With wildcard, I can check similar submissions if any simply with *example.com. Without wildcard, I need more time to check and may no accurate in result. How if other researchers already submitted with subdomain, but same vulnerable parameter, such as [country_code].example.com?q=[xss_payload]?
I am afraid if no wildcard again, it will increase (1) rejected submissions due to clone reason, or (2) requests to delete duplicate submissions.
I see today OpenBugBounty uses exact domain name for Website (URL) Field, no wildcard again.
I think wildcard is good to minimize any duplicate submissions.
For example:
I want to submit example.com?q=[xss_payload]. With wildcard, I can check similar submissions if any simply with *example.com. Without wildcard, I need more time to check and may no accurate in result. How if other researchers already submitted with subdomain, but same vulnerable parameter, such as [country_code].example.com?q=[xss_payload]?
I am afraid if no wildcard again, it will increase (1) rejected submissions due to clone reason, or (2) requests to delete duplicate submissions.