Comments (15)
Hello @codingo
I managed to take over a subdomain. I had this fingerprint: "Only one step left!
To finish setting up your new web address, go to your domain settings, click "Add existing domain", and enter: yourdomainname
Verify if the name of the store is available or not
Add your domain without the www's under Online store > Domains.
from can-i-take-over-xyz.
This isn't really a new fingerprint, it's an edge case. Tested this now and it requires the store to be created, but never linked to the domain. Even if the shop is in the portal with a status of "not connected" (i.e. added to any account in advance of DNS), it cannot be taken over.
Going to call this an edge case since there's some truth to it, but I think it's a fairer assessment to say it's not vulnerable as it's such an unlikely scenario that somebody would point DNS before adding their domain into their account.
from can-i-take-over-xyz.
Just took over a subdomain with "Only one step left" fingerprint. Same procedure as Mouja0412
from can-i-take-over-xyz.
Shopify is Still Vulnerable ❤️
from can-i-take-over-xyz.
Upon visiting the domain, I received the message "Sorry, this store is currently unavailable." However, Shopify indicates that the same domain, flagged as vulnerable to takeover by Nuclei, is currently in use. Can someone clarify this discrepancy and its implications for subdomain takeover?
from can-i-take-over-xyz.
Resolved in #52
from can-i-take-over-xyz.
hello @codingo,
I have found several subdomains that had the fingerprints:
Sorry, this shop is currently unavailable.
But when visiting the CNAME, it showed a perfectly working shop in Shopify.
So shop.example.com was giving me "shop is currently unavailable" but when visiting example.myshopify.com it was a perfectly working shop.
Is this still vulnerable?
from can-i-take-over-xyz.
I took over a domain like the example above as well.
from can-i-take-over-xyz.
I just managed to take over a subdomain with the fingerprint "Only one step left!"
from can-i-take-over-xyz.
I did the same as explained above? Will this be accepted?
from can-i-take-over-xyz.
I recently had a subdomain takeover on Shopify as well as described above
from can-i-take-over-xyz.
Date: 04/09/2022
I took over one.
from can-i-take-over-xyz.
I took over a subdomain called: https://shop.target.de/
and it has all the mentioned fingerprints.
from can-i-take-over-xyz.
.
from can-i-take-over-xyz.
Shopify is not vulnerable to subdomain takeover anymore, right? Because I faced this message in the photo when I tried to take over a subdomain.
from can-i-take-over-xyz.