What is considered a duplicate?

Questions or suggestions about the platform
Post Reply
RiceNinja248
Posts:16
Joined:Thu Oct 12, 2017 2:26 pm
What is considered a duplicate?

Post by RiceNinja248 » Thu Jan 11, 2018 5:14 pm

Hi there! :D I'm fairly new here and have a clarification question regarding duplicates/clones.

If a vulnerability exists on multiple sites with the same domain but different sub-domains and the owner of each site is different, would the submissions be considered duplicates? I assume it would be acceptable as the only way to notify all the site owners is to report each site separately but wanted to confirm that this is the case before I submit.

As an example, I'm referring more to situations like Scenario A than Scenario B.

A) scrubshop.weebly.com
bigbadbully.weebly.com
tastyhushpuppies.weebly.com


B) shop.scrubshop.com
deals.scrubshop.com
jobs.scrubshop.com

User avatar
x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: What is considered a duplicate?

Post by x1admin » Fri Jan 12, 2018 8:01 am

RiceNinja248 wrote:
Thu Jan 11, 2018 5:14 pm
If a vulnerability exists on multiple sites with the same domain but different sub-domains and the owner of each site is different, would the submissions be considered duplicates?
no

tigerincup
Posts:10
Joined:Sat Dec 24, 2016 4:20 pm

Re: What is considered a duplicate?

Post by tigerincup » Fri Jan 12, 2018 9:40 am

thanks for the clarification.

RiceNinja248
Posts:16
Joined:Thu Oct 12, 2017 2:26 pm

Re: What is considered a duplicate?

Post by RiceNinja248 » Fri Jan 12, 2018 1:19 pm

Awesome, thank you for the clarification. :D

TiagoGuedesEGo1
Posts:1
Joined:Fri Mar 26, 2021 11:08 am

Re: What is considered a duplicate?

Post by TiagoGuedesEGo1 » Tue Apr 13, 2021 6:05 pm

x1admin wrote:
Fri Jan 12, 2018 8:01 am
RiceNinja248 wrote:
Thu Jan 11, 2018 5:14 pm
If a vulnerability exists on multiple sites with the same domain but different sub-domains and the owner of each site is different, would the submissions be considered duplicates?
no
I apologize for reviving an old Thread but I have a follow up question to this. What if the owner is the same?

We recently joined OpenBugBounty and we published all of our Domains as wildcards (maybe that was a mistake on our end but not everything is the same site/platform).

What's happening is we are having Reporters posting over 10+ reports for the same Wordpress exploit but on different subdomains. After we are made aware of that exploit we will be fixing it on all Wordpresses, but how should these reports be handled? it's the exact same exploit as all the Wordpresses are on the same version.

Best Regards.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest