Hi community.
I have some questions because sometimes I don't know if i should report a vulnerability in openbugbounty.
Example:
I find a XSS vulnerability in big website. I make a search if anyone has already reported and i see something like 15 reports
12 unpatched and 3 resolved. Should I report anyway?
And if the site has 10 reports and 10 unpatched?
Question Time
-
c0rtePentest
- Posts:38
- Joined:Fri Oct 07, 2016 8:21 pm
- Contact:
Re: Question Time
u need to check if one of the unpatched is a duplicate to yours. if so, clone reports are not accepted.
if you fonund a duplicate on an already patched vuln, create report. either it was patched and is vulnerable again or it was never patched and marked so for whatever reason.
if u create the report anyway without checking it probably will be declined as clone.
if you fonund a duplicate on an already patched vuln, create report. either it was patched and is vulnerable again or it was never patched and marked so for whatever reason.
if u create the report anyway without checking it probably will be declined as clone.
Who is online
Users browsing this forum: No registered users and 2 guests