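Preface
Subdomain takeover vulnerabilities are relatively rare in China.
Today I came across a site hosted on pagewiz that looked like it might be affected by subdomain takeover. I tried it and failed, so I decided it was still worth reserving a placeholder post and writing it up properly once I run into a successful case.
Core
Copied from: https://github.com/EdOverflow/can-i-take-over-xyz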
Engine | Status | Fingerprint | Discussion | Documentation |
---|---|---|---|---|
Acquia | Not vulnerable | Web Site Not Found | Issue #103 | |
Agile CRM | Vulnerable | Sorry, this page is no longer available. | Issue #145 | |
Airee.ru | Vulnerable | | Issue #104 | |
Anima | Vulnerable | If this is your website and you've just created it, try refreshing in a minute | Issue #126 | Anima Documentation |
Akamai | Not vulnerable | | Issue #13 | |
AWS/S3 | Vulnerable | The specified bucket does not exist | Issue #36 | |
AWS/Load Balancer (ELB) | Not Vulnerable | status NXDOMAIN and CNAME pointing to XYZ.elb.amazonaws.com | Issue #137 | |
Bitbucket | Vulnerable | Repository not found | | |
Campaign Monitor | Vulnerable | Trying to access your account? | | Support Page |
Cargo Collective | Vulnerable | 404 Not Found | Issue #152 | Cargo Support Page |
Cloudfront | Not vulnerable | ViewerCertificateException | Issue #29 | Domain Security on Amazon CloudFront |
Desk | Not vulnerable | Please try again or try Desk.com free for 14 days. | Issue #9 | |
Digital Ocean | Vulnerable | Domain uses DO name servers with no records in DO. | | |
Discourse | Vulnerable | | Hackerone | |
Fastly | Edge case | Fastly error: unknown domain: | Issue #22 | |
Feedpress | Not vulnerable | The feed has not been found. | Issue #80 | |
Firebase | Not vulnerable | | Issue #128 | |
Fly.io | Vulnerable | 404 Not Found | Issue #101 | |
Freshdesk | Not vulnerable | We couldn't find servicedesk.victim.tld Maybe this is still fresh! You can claim it now at http://www.freshservice.com/signup | Issue #214 | Freshdesk Support Page |
Gemfury | Vulnerable | 404: This page could not be found. | Issue #154 | Article |
Ghost | Vulnerable | The thing you were looking for is no longer here, or never was | | |
Github | Vulnerable | There isn't a GitHub Pages site here. | Issue #37, Issue #68 | |
Gitlab | Not vulnerable | | HackerOne #312118 | |
Google Cloud Storage | Not vulnerable | NoSuchBucket The specified bucket does not exist. | | |
HatenaBlog | Vulnerable | 404 Blog is not found | | |
Help Juice | Vulnerable | We could not find what you're looking for. | | Help Juice Support Page |
Help Scout | Vulnerable | No settings were found for this company: | | HelpScout Docs |
Heroku | Edge case | No such app | Issue #38 | |
HubSpot | Not vulnerable | This page isn’t available | | |
Instapage | Not vulnerable | | Issue #73 | |
Intercom | Vulnerable | Uh oh. That page doesn't exist. | Issue #69 | Help center |
JetBrains | Vulnerable | is not a registered InCloud YouTrack | | YouTrack InCloud Help Page |
Key CDN | Not vulnerable | | Issue #112 | |
Kinsta | Vulnerable | No Site For Domain | Issue #48 | kinsta-add-domain |
Landingi | Edge case | It looks like you’re lost... | Issue #117 | |
LaunchRock | Vulnerable | It looks like you may have taken a wrong turn somewhere. Don't worry...it happens to all of us. | Issue #74 | |
Mashery | Edge Case | Unrecognized domain | HackerOne #275714, Issue #14 | |
Microsoft Azure | Vulnerable | | Issue #35 | |
Netlify | Edge Case | Not Found - Request ID: | Issue #40 | |
Ngrok | Vulnerable | Tunnel *.ngrok.io not found | Issue #92 | Ngrok Documentation |
Pantheon | Vulnerable | 404 error unknown site! | Issue #24 | Pantheon-Sub-takeover |
Pingdom | Vulnerable | Sorry, couldn't find the status page | Issue #144 | Support Page |
Readme.io | Vulnerable | Project doesnt exist... yet! | Issue #41 | |
Sendgrid | Not vulnerable | | | |
Shopify | Edge Case | Sorry, this shop is currently unavailable. | Issue #32, Issue #46 | Medium Article |
Short.io | Vulnerable | Link does not exist | Issue #260 | |
SmartJobBoard | Vulnerable | This job board website is either expired or its domain name is invalid. | Issue #139 | Support Page |
Smartling | Edge Case | Domain is not configured | Issue #67 | |
Squarespace | Not vulnerable | | | |
Statuspage | Not Vulnerable | Statuspage pushed a DNS verification in order to prevent malicious takeovers, as mentioned in their documentation | PR #105 and PR #171 | Statuspage documentation |
Strikingly | Vulnerable | page not found | Issue #58 | Strikingly-Sub-takeover |
Surge.sh | Vulnerable | project not found | | Surge Documentation |
Tumblr | Vulnerable | Whatever you were looking for doesn't currently exist at this address | Issue #240 | Tumblr Custom Domains |
Tilda | Edge Case | Please renew your subscription | Issue #155, PR #20 | |
Uberflip | Vulnerable | Non-hub domain, The URL you've accessed does not provide a hub. | Issue #150 | Uberflip Documentation |
Unbounce | Not Vulnerable | The requested URL was not found on this server. | Issue #11 | |
Uptimerobot | Vulnerable | page not found | Issue #45 | Uptimerobot-Sub-takeover |
UserVoice | Vulnerable | This UserVoice subdomain is currently available! | | |
Webflow | Edge Case | The page you are looking for doesn't exist or has been moved. | Issue #44 | forum webflow |
Wix | Edge Case | Looks Like This Domain Isn't Connected To A Website Yet! | Issue #231 | |
Wordpress | Vulnerable | Do you want to register *.wordpress.com? | | |
Worksites | Vulnerable | Hello! Sorry, but the website you’re looking for doesn’t exist. | Issue #142 | |
WP Engine | Not vulnerable | | | |
Zendesk | Not vulnerable | Help Center Closed | Issue #23 | Zendesk Support |