I have submitted a bunch of sites, and basically all of them went from pending to Manual Checking.
As I understand it, there is supposed to be some sort of automatic verification.
How can I improve my submissions so that they have a higher chance of being automatically approved?
It didn't seem to make a difference when I posted the straight URL including payload vs URL + POST parameters x=payload.
Manual verification sounds like kind of a pain for the moderators, so if I can make fewer of those it would be great!
Tips and tricks appreciated!
How to avoid Manual Checking?
Re: How to avoid Manual Checking?
1. use <script>alert("OPENBUGBOUNTY");</script> payload
2. don't write anything into POST Data input for GET requests
Re: How to avoid Manual Checking?
I usually go with <svg onload=alert`OPENBUGBOUNTY`> (using the ` around OBB instead of ")
It fires more times than with script and (". But I'll make sure to try out the old trusty script alert you posted when success is identified!
Thanks for input!
Re: How to avoid Manual Checking?
Just to add some more input into this:
When I copy from the URL bar and paste it into the report field, my payload becomes this ->
domain/?s=%22%3E%3Csvg%20onload=alert`OPENBUGBOUNTY`%3E
which makes it into a "manual check".
When I post a straight domain/?s="><svg onload=alert`OPENBUGBOUNTY`> it auto checks.
Maybe it would be possible to add a little decoder button under the URL1 field? Just to make it easier?
Something like ->
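<script type="text/javascript">
// Decode the percent-encoded URL pasted into the URL1 field, in place.
function decode() {
  var obj = document.getElementById('url1');
  var encoded = obj.value;
  try {
    // Treat "+" as a space, then undo the percent-encoding.
    obj.value = decodeURIComponent(encoded.replace(/\+/g, " "));
  } catch (e) {
    // Malformed escape (e.g. a lone "%"): leave the field unchanged.
  }
}
</script>
<input type="button" onclick="decode()" value="Decode">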
Should be able to decrease the number of manual checks, right?
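Added example, not part of the original thread and not Open Bug Bounty's own code: a form-side normalizer that goes one step beyond the decoder button proposed above, so that the pasted (percent-encoded) and typed (raw) forms of a report URL end up identical. The function names `safeDecode` and `normalizeReportUrl` are hypothetical; it decodes only the query string, keeps escapes that would change the query's structure, and never throws on malformed input.

```javascript
// Added example; function names are hypothetical, sample input is constructed.

// Decode each run of %XX escapes on its own, so a malformed escape
// (a lone "%", "%zz", or bytes that are not valid UTF-8) is kept as typed
// instead of raising URIError for the whole field.
function safeDecode(text) {
  return text.replace(/(?:%[0-9A-Fa-f]{2})+/g, function (run) {
    try {
      return decodeURIComponent(run);
    } catch (e) {
      return run; // the run is not valid UTF-8: leave it encoded
    }
  });
}

// Escapes for & = # + % are kept encoded: decoding them would split or merge
// parameters, start a fragment, or make a second decode change the value.
var STRUCTURAL = /(%(?:26|3D|23|2B|25))/i;

function normalizeReportUrl(pasted) {
  var cut = pasted.indexOf("?");
  if (cut === -1) {
    return pasted; // no query string: nothing the URL bar would have encoded
  }
  var base = pasted.slice(0, cut + 1);
  var query = pasted.slice(cut + 1).replace(/\+/g, " ");
  // split() with a capture group puts the structural escapes at odd indexes.
  var parts = query.split(STRUCTURAL).map(function (piece, i) {
    return i % 2 === 1 ? piece : safeDecode(piece);
  });
  return base + parts.join("");
}

// Constructed sample: both spellings of the same report URL compare equal.
var typed = 'domain/?s="hello world"';
var copied = "domain/?s=%22hello%20world%22";
console.log(normalizeReportUrl(copied) === normalizeReportUrl(typed)); // true
```

Running the normalizer twice gives the same result as running it once, because `%25` is never decoded.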