Open Bug Bounty Community Forum

Hi there! I'm fairly new here and have a clarification question regarding duplicates/clones.

If a vulnerability exists on multiple sites with the same domain but different sub-domains and the owner of each site is different, would the submissions be considered duplicates? I assume it would be acceptable as the only way to notify all the site owners is to report each site separately but wanted to confirm that this is the case before I submit.

As an example, I'm referring more to situations like Scenario A than Scenario B.

A) scrubshop.weebly.com
bigbadbully.weebly.com
tastyhushpuppies.weebly.com


B) shop.scrubshop.com
deals.scrubshop.com
jobs.scrubshop.com

RiceNinja248 wrote: ↑

Thu Jan 11, 2018 5:14 pm

If a vulnerability exists on multiple sites with the same domain but different sub-domains and the owner of each site is different, would the submissions be considered duplicates?

no

thanks for the clarification.

Awesome, thank you for the clarification.

x1admin wrote: ↑

Fri Jan 12, 2018 8:01 am

RiceNinja248 wrote: ↑

Thu Jan 11, 2018 5:14 pm

If a vulnerability exists on multiple sites with the same domain but different sub-domains and the owner of each site is different, would the submissions be considered duplicates?

no

I apologize for reviving an old Thread but I have a follow up question to this. What if the owner is the same?

We recently joined OpenBugBounty and we published all of our Domains as wildcards (maybe that was a mistake on our end but not everything is the same site/platform).

What's happening is we are having Reporters posting over 10+ reports for the same Wordpress exploit but on different subdomains. After we are made aware of that exploit we will be fixing it on all Wordpresses, but how should these reports be handled? it's the exact same exploit as all the Wordpresses are on the same version.

Best Regards.