Is uservoice subdomain takeover possible?

EdOverflow / can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Creative Commons Attribution 4.0 International

4.87k stars 716 forks source link

Is uservoice subdomain takeover possible? #163

Open 1nc0gn170 opened 4 years ago

1nc0gn170 commented 4 years ago

I have found a program where website its response is 404 and Its Cname is pointing to uservoice.com. I didn't find any registration portal for that site.

;; ANSWER SECTION:
mywebsite.com. 299 IN   CNAME   mywesbsite.uservoice.com.

Screenshot from 2020-08-21 14-44-19

Anyone Help me please

HammyHavoc commented 3 years ago

Wondering this myself as a former UserVoice user. CC @austintaylor @attack7 @hoffoo

hoffoo commented 3 years ago

@n41n4 @HammyHavoc

It is not possible - subdomain cnames are unique and cannot be reused

HammyHavoc commented 3 years ago

@n41n4 @HammyHavoc

It is not possible - subdomain cnames are unique and cannot be reused

Thanks for that! Thought as much. I had somebody reach out asking for a bug bounty reward in exchange for this "information".

pdelteil commented 1 year ago

More info https://hackerone.com/reports/269109