Hi there! I'm fairly new here and have a clarification question regarding duplicates/clones.
If a vulnerability exists on multiple sites with the same domain but different sub-domains and the owner of each site is different, would the submissions be considered duplicates? I assume it would be acceptable as the only way to notify all the site owners is to report each site separately but wanted to confirm that this is the case before I submit.
As an example, I'm referring more to situations like Scenario A than Scenario B.
A) scrubshop.weebly.com
bigbadbully.weebly.com
tastyhushpuppies.weebly.com
B) shop.scrubshop.com
deals.scrubshop.com
jobs.scrubshop.com
What is considered a duplicate?
Re: What is considered a duplicate?
noRiceNinja248 wrote: ↑Thu Jan 11, 2018 5:14 pmIf a vulnerability exists on multiple sites with the same domain but different sub-domains and the owner of each site is different, would the submissions be considered duplicates?
-
- Posts:10
- Joined:Sat Dec 24, 2016 4:20 pm
Re: What is considered a duplicate?
thanks for the clarification.
-
- Posts:16
- Joined:Thu Oct 12, 2017 2:26 pm
Re: What is considered a duplicate?
Awesome, thank you for the clarification.
-
- Posts:1
- Joined:Fri Mar 26, 2021 11:08 am
Re: What is considered a duplicate?
I apologize for reviving an old Thread but I have a follow up question to this. What if the owner is the same?x1admin wrote: ↑Fri Jan 12, 2018 8:01 amnoRiceNinja248 wrote: ↑Thu Jan 11, 2018 5:14 pmIf a vulnerability exists on multiple sites with the same domain but different sub-domains and the owner of each site is different, would the submissions be considered duplicates?
We recently joined OpenBugBounty and we published all of our Domains as wildcards (maybe that was a mistake on our end but not everything is the same site/platform).
What's happening is we are having Reporters posting over 10+ reports for the same Wordpress exploit but on different subdomains. After we are made aware of that exploit we will be fixing it on all Wordpresses, but how should these reports be handled? it's the exact same exploit as all the Wordpresses are on the same version.
Best Regards.
Who is online
Users browsing this forum: No registered users and 2 guests