Comments (12)
They now seem to require validation through adding a DNS record. I don't think takeover is still possible. If there's some way around the verification, I'm all ears.
from can-i-take-over-xyz.
Thank you for raising this issue, @m7mdharoun. @codingo, we really need to look into FreshDesk at some point.
from can-i-take-over-xyz.
@EdOverflow @codingo I want to add : when you sign up at freshdesk you will get any subdomain ex : mysubdomain.freshdesk.com you can request to change your subdomain to any avialable subdomain by only Freshdesk support. ( freshdesk allow this )
from can-i-take-over-xyz.
is this still vulnerable @m7mdharoun @EdOverflow
from can-i-take-over-xyz.
freshdesk is not vulnerable @EdOverflow
from can-i-take-over-xyz.
No one thinks about close this "2-years club" issue
from can-i-take-over-xyz.
I think I was able to takeover. So its still vulnerable
from can-i-take-over-xyz.
@justforhack, the way the project works is that "Issues" are not in fact used for their intended purpose. This has turned more into a forum of sorts for people to discuss specific services within issue tickets. Closing issue tickets makes them slightly less discoverable which is undesirable. In other words, there is no "fix" for these issues as you might typically see on GitHub—these are merely posts and discussions.
from can-i-take-over-xyz.
Okay man!!
(I thought my comment was disappeared from this world, a long time ago...)
from can-i-take-over-xyz.
https://www.youtube.com/watch?v=eph0PaccRP0
from can-i-take-over-xyz.
Hello Guys,
Is there still freshdesk cname is vulnerable to subdomain takeover.
from can-i-take-over-xyz.
FreshDesk Subdomain Takeover is Vulnerable or not any verification is required
from can-i-take-over-xyz.
Related Issues (20)
- How to inject page to domain with ns godaddy and a record from inmotion?
- Github DNS Check Successful Error HOT 1
- Better Uptime HOT 2
- splashthat.com not vulnerable
- Subdomain Takeover via Refined.com service
- Fingerprints file is no longer being generated
- Subdomain takeover via bubble.io
- Is salesforcce subdomains are vulnerable to takeover
- heroku deploying doesn't work
- Squarespace ( is this possible for subdomain takeover) HOT 2
- Few services that are not being detected on can-i-take-over-xyz HOT 1
- Squarespace Subdomain Takeover on EdgeCase as Domain Not Claimed HOT 1
- (Page Not Found) pointing to cdne-myjls-admin-int.azureedge.net ( IS THIS VULNERABLE??)
- is this vulnerable?
- Is mailgun.org still vulnerable?? HOT 4
- (404 Web Site not found) Microsoft Azure vulnerable?
- Is fillout.com vulnerable?
- Gemfury fingerprint is very prone to false positiver HOT 1
- cannot set a custom domain at this time.
- squadcast subdomain takeover
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from can-i-take-over-xyz.