Closed HolyBugx closed 1 year ago
Something else I just realized:
For some programs, the parser has removed the * and replaced it with the http scheme.
Example: https://bugcrowd.com/linktree-mbb-og
*.filestack.com
*.freshdesk.com
*.blstr.xyz
*.blstr.co
This is not only limited to the OOS, but also the main scopes:
Example: https://bugcrowd.com/kaleido
*.remove.bg
*.designify.com
*.kaleido.ai
*.unscreen.com
Best regards, HolyBugx
Hi again,
I spent some time today and found the core of this issue.
I believe that this pull request is the problem maker.
Although this is shown not to be merged, it actually is working on the server.
The commit improperly uses an || operator, which results in the bug.
Here is an example of the unparsed null JSON arrays:
Here is an example of unparsed * domains:
To fix this, simply revert the pull request to the original state.
Kind regards, @HolyBugx
[Intigriti] There is not a single OOS domain for Intigriti: https://github.com/arkadiyt/bounty-targets-data/blob/main/data/intigriti_data.json
Intigriti does not provide out of scope domains in a structured way
[Bugcrowd] The OOS domains are improperly scraped with empty JSON objects. e.g.
This should be fixed now
Hi,
With the recent updates, the parser is now invalidly parsing the OOS domains.
[Intigriti]
There is not a single OOS domain for Intigriti: https://github.com/arkadiyt/bounty-targets-data/blob/main/data/intigriti_data.json
If you check any program, no valid OOS domain is scraped for it.
[Bugcrowd]
The OOS domains are improperly scraped with empty JSON objects. e.g.
and
--
In addition, I believe this is one of the main commits that removed lots of OOS domains:
https://github.com/arkadiyt/bounty-targets-data/commit/b559c43b924d87f76c18697ce204c8a9533a8f26
Best regards, HolyBugx