search

EdOverflow / can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Creative Commons Attribution 4.0 International
4.89k stars 718 forks source link

Acquia Takeover #103

Open KeepWannabe opened 5 years ago

KeepWannabe commented 5 years ago

Can i Takeover via acquia ?

image

random-robbie commented 5 years ago

I am currently struggling with this as it creates random subdomains so far and i am not looking to upgrade to find out about the prod.

mcipekci commented 4 years ago

This is not vulnerable because of following reasons:

  1. Acquia generates a generic unique IP address for customers when creating environment.
  2. Since IP address is unique, you must either spam creating environments yet it's still unclear and each creation process takes around 30 minutes.
  3. To enable adding custom domain feature, you must subscribe for it and it's way too much costly, while they do not directly charge you, it's still not worth because of unclear state of IP address is being used or not

Let me show you some information with screenshots

As we can see from below Acquia generates unique IP: ipaddress

When adding custom domain Acquia verifies that domain is resolving into IP address they provided you: failed

I also used one of my own domains to verify the state: skima

So basically Acquia is not vulnerable or way over edge case.

bayotop commented 4 years ago

Was digging into this lately and found https://docs.acquia.com/resource/definitions/realm/:

Some common realms include, but aren’t limited to the following:

  • Cloud Platform Enterprise: prod
  • Cloud Platform Professional: devcloud
  • Site Factory: The value can vary for Site Factory subscribers. To identify the correct realm for an Site Factory subscription, contact Acquia support.

Cloud Platform will display the realm for your subscription in the default domain name included with your subscription. For example, a default domain name for a website in an Cloud Platform Professional subscription can be examplesite.devcloud.acquia-sites.com.

It seems that the aforementioned (randomly generated subdomains etc.) is true for "Cloud Platform Professional" customers. Enterprise customers seem to have predictably generated subdomains with a different "realm" — the devcloud vs. prod part in the provided URL.

tldr;

"So basically Acquia is not vulnerable or way over edge case."

whisperer256 commented 3 years ago

What is the CNAME for this service?

FUCKGITHUBS commented 3 years ago

lol (2) txt

FUCKGITHUBS commented 2 years ago

??

Message ID: @.*** com>

OVERPEY commented 2 years ago

how to get free trial on this service ?

shopsaver commented 1 year ago

Hi I have takeover the a acquia cloud subdomain of Starbucks where I get $640 because the domain was disconnected after free trial so only $640 it is a vulnerable subdomain you can use whatweb tool to see the vulnerable if the content has Acquia HTML install something like this then it is 100% vulnerable one Here is one hackerone disclosed report mine report was not published now but there is one

https://hackerone.com/reports/874482

pdelteil commented 10 months ago

Hi I have takeover the a acquia cloud subdomain of Starbucks where I get $640 because the domain was disconnected after free trial so only $640 it is a vulnerable subdomain you can use whatweb tool to see the vulnerable if the content has Acquia HTML install something like this then it is 100% vulnerable one Here is one hackerone disclosed report mine report was not published now but there is one

https://hackerone.com/reports/874482

This is just a dangling subdomain not a takeover.