Hello dear Huntr team
I hope you always have a great and nice days
bundling feature is a good idea in my opinion but there is somethings as a security researcher that bothering me :
1.If a application ( mostly web apps ) already has a good and strong XSS protection then I found a XSS on it I will get a full bounty amount but there is a problem!!! for finding second XSS I should searching more and more as this will be exist harder finding procedure after first one that I found before OR The second XSS get my time as same as first one but give me only the 20% of first one
2.The same issue like 1 but for CSRFs that assume a App that already have a good CSRF protection and I found two CSRFs in it and this take my time for every of them 30 min (totally 1h)
in these situation we can find out that if there isn't any side-wide CSRF or XSS this can be very hard to trying to find second same kind of a vulnerability
some other situation like recent VIM report I can guess that the current bundling system can be make a big loss in motivation of security researchers as for A bug like BOF if we want to find a second one for it we should put 4x more time for finding second BOF rather than the first BOF with only 20% of real bounty.
Hello dear Huntr team
I hope you always have a great and nice days
bundling feature is a good idea in my opinion but there is somethings as a security researcher that bothering me :
1.If a application ( mostly web apps ) already has a good and strong XSS protection then I found a XSS on it I will get a full bounty amount but there is a problem!!! for finding second XSS I should searching more and more as this will be exist harder finding procedure after first one that I found before OR The second XSS get my time as same as first one but give me only the 20% of first one
2.The same issue like 1 but for CSRFs that assume a App that already have a good CSRF protection and I found two CSRFs in it and this take my time for every of them 30 min (totally 1h)
in these situation we can find out that if there isn't any side-wide CSRF or XSS this can be very hard to trying to find second same kind of a vulnerability
some other situation like recent VIM report I can guess that the current bundling system can be make a big loss in motivation of security researchers as for A bug like BOF if we want to find a second one for it we should put 4x more time for finding second BOF rather than the first BOF with only 20% of real bounty.