How to get less duplicates


#1

Hi guys,
i’ve started bug hunting 8 months ago and my skills are really getting better but i have a problem…3 days ago i submitted 1 P1, 9 P2, 3 P3 reports in one day which probably was going to put me in the top10 in the monthly rank for june but until now 7 of them are duplicates.

Any advices for getting less duplicates ?


#2

That’s really impressive.
I also just started out but my little advice is that you should let go off vulnerability scanners.
Try out business logic flaws since they’re hard to come by but you’ll have less dups.
I hope my little advice helps. :wink:


#3

Hi 3la2,

first of all: welcome to bug bounties! Reporting duplicates is part of the “job”!
I think if it was easy for you to find those vulnerabilities maybe it was easy for someone else too, but the time zone difference favor the other person :unamused:. Another problem is that some (most?) companies take too long to fix bugs. So, let’s say someone or many reported the same bugs you reported 5 months ago, the bugs are going to be there but not way to know if were reported or not unless you report them.
Anyway, some advice from my short experience: keep looking for bugs :slight_smile:, there is not other way. Just go sleep and return the other day to - hopefully - find more bugs.

Best!


#4

Hi 3la2!

Your Question is Really Good.To Prevent from Duplicates I Prefer you to not to use Vulnerabillity Scanners Because Every third Hacker Has This.Second I want you to Find some Logical Bugs That are not so Common like Xss,SQLI and Etc.On The Other Hand I want you to Explore The bug You Find Like u find Stored Xss Try to Exploit it as much u can So it maybe Changed into RCE.

Thanks,
ABDULWAHAB


#5

Please tell me how to get less duplicates using XSS,SQL on the site hp printer support I am new in penetration testing and I want to learn more.