FreshDesk is still vulnerable about can-i-take-over-xyz HOT 12 OPEN

They now seem to require validation through adding a DNS record. I don't think takeover is still possible. If there's some way around the verification, I'm all ears.

from can-i-take-over-xyz.

Thank you for raising this issue, @m7mdharoun. @codingo, we really need to look into FreshDesk at some point.

from can-i-take-over-xyz.

@EdOverflow @codingo I want to add : when you sign up at freshdesk you will get any subdomain ex : mysubdomain.freshdesk.com you can request to change your subdomain to any avialable subdomain by only Freshdesk support. ( freshdesk allow this )

from can-i-take-over-xyz.

is this still vulnerable @m7mdharoun @EdOverflow

from can-i-take-over-xyz.

freshdesk is not vulnerable @EdOverflow

https://support.freshdesk.com/support/solutions/articles/37590-using-a-vanity-support-url-and-pointing-the-cname

from can-i-take-over-xyz.

No one thinks about close this "2-years club" issue

from can-i-take-over-xyz.

I think I was able to takeover. So its still vulnerable

from can-i-take-over-xyz.

@justforhack, the way the project works is that "Issues" are not in fact used for their intended purpose. This has turned more into a forum of sorts for people to discuss specific services within issue tickets. Closing issue tickets makes them slightly less discoverable which is undesirable. In other words, there is no "fix" for these issues as you might typically see on GitHub—these are merely posts and discussions.

from can-i-take-over-xyz.

Okay man!!

(I thought my comment was disappeared from this world, a long time ago...)

from can-i-take-over-xyz.

https://www.youtube.com/watch?v=eph0PaccRP0

from can-i-take-over-xyz.

Hello Guys,
Is there still freshdesk cname is vulnerable to subdomain takeover.

from can-i-take-over-xyz.

FreshDesk Subdomain Takeover is Vulnerable or not any verification is required

from can-i-take-over-xyz.