Is it common for bug bounty hunters to use exploits found in one site, on other sites?

Hi all,

Apologies for the silly question, new to this world and going through the list of bugs today, got me wondering. If I find a bug in lets say in Jinja2 on site A, is it valid to go through site B,C,D… looking for the same vulnerability and submit independent bugs(if found) in each one of them?


Hi Jacint,

Yep, that’s totally possible and it is a common tactic amongst bug hunters. For instance, @fransrosen found a sub-domain takeover exploit in one company and then found in several others. I think he made several tens of thousands off of that bug :slight_smile:

1 Like

Hi everyone
My apologies for asking this
here I have found an an sub domain takeover error like (fastly error: unknown domain check is added to service) after seeing that I reported to bounty program and they said that there is nothing like that .

Here the problem why I haven’t gained that sub domain is I dont have money to register an account to host that domain

But i m in dilemma whether the sub domain is vulnerable or not is any other way to confirm that it is vulnerable to take over without hosting it
Can I host on other service a free hosting site to check either it is vulnerable or not

And sorry it is last point to be cleared do the above (fastly error) occurs even there is no vulnerability like sub domain take over

And huge thanks for reading all this
Waiting for replay
Thank you guys :heart_eyes: