Comments (3)
Really cool finding and even cooler sub-takeover page. That being said, how is it possible that the main domain is not claimed?
Did you just put in your own subdomain (unrelated to Pandora) and hope it would work, or did that subdomain pop up during recon as a Fastly subdomain?
Edit: I tried testing the above out and I got the following error:
Fastly error: unknown domain: [SubtakeoverPOC.Redacted.com] Please check that this domain has been added to a service
from can-i-take-over-xyz.
- log in to your Fastly account
- go into CDN services
- create a new service
- go to Service configuration / Domains
- add your vuln subdomain there (SubtakeoverPOC.Redacted.com)
It will work if nobody already has it added.
from can-i-take-over-xyz.
I used subzy to scan many subdomains and it popped up as vuln (live.pandora.com [ FASTLY ]), so I did the steps that I sent and it worked.
PS: the takeover could be false; I think when the origin is not reached, Fastly will give the same error as not claimed.
from can-i-take-over-xyz.
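A defender-side triage of the signal discussed in this thread, as an added example that is not from the thread or from can-i-take-over-xyz: it classifies hosts from a DNS inventory by CNAME target and captured response body, and treats the Fastly error only as a candidate for manual review, in line with the false-positive caveat in the last comment. The host names, the `fastly.net` suffix check and the verdict labels are assumptions of the example, and the sample data is constructed.

```python
import re

# Error text quoted in the thread; the domain may appear bare or in brackets.
FINGERPRINT = re.compile(r"Fastly error: unknown domain:?\s*\[?([A-Za-z0-9.-]+)")
# Assumption: CNAME targets under fastly.net identify Fastly-fronted hosts.
FASTLY_SUFFIXES = ("fastly.net",)

def points_at_fastly(cname):
    """True when the CNAME target is fastly.net or a name beneath it."""
    target = cname.rstrip(".").lower()
    return any(target == s or target.endswith("." + s) for s in FASTLY_SUFFIXES)

def triage(host, cname, body):
    """Classify one host from its CNAME target and a captured response body."""
    if not points_at_fastly(cname):
        return "not-fastly"
    m = FINGERPRINT.search(body)
    if not m:
        return "served"
    named = m.group(1).rstrip(".").lower()
    if named != host.rstrip(".").lower():
        return "mismatch"   # the error names a different host than the one audited
    return "review"         # candidate only; confirm by hand before acting

def audit(inventory):
    """Return ({host: verdict}, hosts whose DNS record needs an owner decision)."""
    verdicts = {host: triage(host, cname, body) for host, cname, body in inventory}
    to_fix = sorted(h for h, v in verdicts.items() if v == "review")
    return verdicts, to_fix

# Constructed sample data (hypothetical names under the reserved .test TLD).
SAMPLE = [
    ("live.corp.test", "corp.map.fastly.net.",
     "Fastly error: unknown domain: [live.corp.test] Please check that this domain has been added to a service"),
    ("www.corp.test", "corp.map.fastly.net.", "<html><title>Corp</title></html>"),
    ("old.corp.test", "corp.map.fastly.net.",
     "Fastly error: unknown domain: other.corp.test. Please check that this domain has been added to a service."),
    ("docs.corp.test", "docs-host.example.net.", "Fastly error: unknown domain: docs.corp.test."),
]

if __name__ == "__main__":
    verdicts, to_fix = audit(SAMPLE)
    for host, verdict in verdicts.items():
        print(f"{host:16} {verdict}")
    print("remove the record or claim the domain:", to_fix)
```

A `review` verdict means the DNS record still points at Fastly while Fastly reports no service for that name; the fix on the owner's side is to delete the stale record or add the domain to a service the organisation controls.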