Can 1 Induce Got Over Xyz? - A Listing Of Services As Well As How To Claim (Sub)Domains Amongst Dangling Dns Records
What is a subdomain takeover?
Subdomain takeover vulnerabilities occur when a subdomain (subdomain.example.com) is pointing to a service (e.g. GitHub pages, Heroku, etc.) that has been removed or deleted. This allows an assaulter to ready a page on the service that was beingness used as well as indicate their page to that subdomain. For example, if subdomain.example.com was pointing to a GitHub page as well as the user decided to delete their GitHub page, an assaulter tin immediately practice a GitHub page, add together a CNAME file containing subdomain.example.com, as well as claim subdomain.example.com.You tin read upwards to a greater extent than most subdomain takeovers here:
- https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
- https://www.hackerone.com/blog/Guide-Subdomain-Takeovers
- https://0xpatrik.com/subdomain-takeover-ns/
Safely demonstrating a subdomain takeover
Based on personal experience, claiming the subdomain discreetly as well as serving a harmless file on a hidden page is commonly plenty to demonstrate the safety vulnerability. Do non serve content on the index page. Influenza A virus subtype H5N1 expert proof of concept could consist of an Please move advised that this depends on what põrnikas bounty programme yous are targeting. When inwards doubt, delight refer to the põrnikas bounty program's safety policy and/or asking clarifications from the squad behind the program.
How to contribute
You tin submit novel services here: https://github.com/EdOverflow/can-i-take-over-xyz/issues/new?template=new-entry.md.
Influenza A virus subtype H5N1 listing of services that tin move checked (although cheque for duplicates against this listing first) tin move works life here: https://github.com/EdOverflow/can-i-take-over-xyz/issues/26.
All entries
Engine | Status | Fingerprint | Discussion | Documentation |
---|---|---|---|---|
Akamai | Not vulnerable | Issue #13 | ||
AWS/S3 | Vulnerable | The specified bucket does non exist | Issue #36 | |
Bitbucket | Vulnerable | Repository non found | ||
Campaign Monitor | Vulnerable | 'Trying to access your account?' | Support Page | |
Cargo Collective | Vulnerable | 404 Not Found | Cargo Support Page | |
Cloudfront | Not vulnerable | ViewerCertificateException | Issue #29 | Domain Security on Amazon CloudFront |
Desk | Not vulnerable | Please endeavour in ane lawsuit to a greater extent than or endeavour Desk.com gratis for fourteen days. | Issue #9 | |
Fastly | Edge case | Fastly error: unknown domain: | Issue #22 | |
Feedpress | Vulnerable | The feed has non been found. | HackerOne #195350 | |
Fly.io | Vulnerable | 404 Not Found | Issue #101 | |
Freshdesk | Not vulnerable | Freshdesk Support Page | ||
Ghost | Vulnerable | The matter yous were looking for is no longer here, or never was | ||
Github | Vulnerable | There isn't a Github Pages site here. | Issue #37 Issue #68 | |
Gitlab | Not vulnerable | HackerOne #312118 | ||
Google Cloud Storage | Not vulnerable | |||
HatenaBlog | vulnerable | 404 Blog is non found | ||
Help Juice | Vulnerable | We could non reveal what you're looking for. | Help Juice Support Page | |
Help Scout | Vulnerable | No settings were works life for this company: | HelpScout Docs | |
Heroku | Edge case | No such app | Issue #38 | |
Intercom | Vulnerable | Uh oh. That page doesn't exist. | Issue #69 | Help center |
JetBrains | Vulnerable | is non a registered InCloud YouTrack | YouTrack InCloud Help Page | |
Kinsta | Vulnerable | No Site For Domain | Issue #48 | kinsta-add-domain |
LaunchRock | Vulnerable | It looks similar yous may cause got taken a incorrect plough somewhere. Don't worry...it happens to all of us. | Issue #74 | |
Mashery | Edge Case | Unrecognized domain | HackerOne #275714, Issue #14 | |
Microsoft Azure | Vulnerable | Issue #35 | ||
Netlify | Edge Case | Issue #40 | ||
Pantheon | Vulnerable | 404 fault unknown site! | Issue #24 | Pantheon-Sub-takeover |
Readme.io | Vulnerable | Project doesnt exist... yet! | Issue #41 | |
Sendgrid | Not vulnerable | |||
Shopify | Edge Case | Sorry, this store is currently unavailable. | Issue #32, Issue #46 | Medium Article |
Squarespace | Not vulnerable | |||
Statuspage | Vulnerable | Visiting the subdomain volition redirect users to https://www.statuspage.io. | PR #105 | Statuspage documentation |
Strikingly | Vulnerable | page non found | Issue #58 | Strikingly-Sub-takeover |
Surge.sh | Vulnerable | project non found | Surge Documentation | |
Tumblr | Vulnerable | Whatever yous were looking for doesn't currently be at this address | ||
Tilda | Edge Case | Please renew your subscription | PR #20 | |
Unbounce | Not vulnerable | The requested URL was non works life on this server. | Issue #11 | |
Uptimerobot | Vulnerable | page non found | Issue #45 | Uptimerobot-Sub-takeover |
UserVoice | Vulnerable | This UserVoice subdomain is currently available! | ||
Webflow | Not Vulnerable | Issue #44 | forum webflow | |
Wordpress | Vulnerable | Do yous desire to register *.wordpress.com? | ||
WP Engine | Not vulnerable | |||
Zendesk | Not Vulnerable | Help Center Closed | Issue #23 | Zendesk Support |