search

EdOverflow / can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Creative Commons Attribution 4.0 International
4.83k stars 715 forks source link

Subdomain takeover using https://tilda.cc/ #155

Open m0ns7er opened 4 years ago

m0ns7er commented 4 years ago

Service name

https://tilda.cc/

Proof

https://hackerone.com/reports/894657

Documentation

Subdomains which are pointing to tilda.cc,and has a unclaimed DNS record are vulnerable for subdomain-takeover.

Reference

https://help.tilda.ws/customdomain#:~:text=Navigate%20to%20the%20Site%20Settings,in%20the%20right%20upper%20corner.

pdelteil commented 3 years ago

I just took over one Tilda domain.

This is the error message

Screenshot from 2021-04-03 23-12-39

pdelteil commented 3 years ago

I found one with another error message

"Please renew your subscription". In this case is not possible to take over the subdomain.

Screenshot from 2021-05-06 23-26-58