Closed riramar closed 5 years ago
Any updates? I've found an error page on a bug bounty program, but when I go to create it, it returns the message:
Domain 'blahblah.com' is already taken by another customer
This means blahblah.com is not vulnerable to takeover.
Is there no way to bypass these errors..?
Domain 'socialcodia.facebook.com' is already taken by another customer.
This domain seems to have been registered by others.
Just made a takeover.
Target was test.target.com. CNAME to global.prod.fastly.net
When I open the URL, it says
Fastly error: unknown domain: test-example.s3.amazonaws.com. Please check that this domain has been added to a service. Details: cache-blalala
- Create new delivery service
- Name test-example.s3.amazonaws.com
- Host is my VPS
Worked
I got the same page on www-TARGET-com.TARGET.com, but I didn't understand your tips and I don't know where (Create new delivery service) is, or the other tips. Can you please explain it in more depth? My Twitter: _2os5
Is it still possible to take over a CNAME pointing to map.fastly.net? E.g.: target.com --> target.com.map.fastly.net. Please provide steps if possible. I am getting only target.com.global.prod.fastly.net
No, you can only add a domain, and Fastly chooses the name for your domain.
Even if you are able to take over target.com.map.fastly.net, services won't run until you add the domain.
I think Fastly is no longer vulnerable to subdomain takeover.
@sawravchy I think this is still an edge case - as described by @mohamed-faris , his example still works:
Ok got it. Thanks for clarifying this.
The Fastly error for somthing.target.com is not vulnerable, but somthing.target.in is vulnerable. Can I report it?
Hi @m7mdharoun, I used the subjack tool and found 5 domains which are showing FASTLY. Can they be vulnerable?
Hi @m7mdharoun, my custom domain is saved but I get this: "Domain does not resolve to the GitHub Pages server". Please help me.
Just made a takeover. Thank you mate @mohamed-faris
I just tried with 600 domains giving the fingerprint, none of them resulted in a takeover.
@vaadataa I confirm this too. Last month I took over 4 subdomains pointing to Fastly.
Steps for takeover here, guys, with video. You can find it here: https://www.mohamedharon.com/2019/06/can-i-takeover-xyz-steps.html
The link is not working!!
Fastly is an edge case; it's still vulnerable when no one has claimed the domain. Tested on a live target: http://live.pandora.com
In my case, when I visited the site redacted.com, I got the error Fastly error: unknown domain: redacted.global.ssl.fastly.net. Please check blah blah blah. Went to Fastly.com -> CDN -> CDN services -> New service -> Domain: redacted.global.ssl.fastly.net. It allowed me to add this as a domain, so I took over the domain.
Fastly will work only in some specific situations. In some cases they validate the customer domain before assigning the fastly.net subdomain.
https://docs.fastly.com/guides/securing-communications/managing-domains-on-tls-certificates#verifying-domain-ownership
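A defensive triage of your own DNS inventory against the error text quoted in this thread, added here as an example (it is not code from the repository or from any commenter). The `(host, cname, body)` record shape, the function names and the sample records are constructed assumptions; a match only means no Fastly service currently claims the name, so the record should be removed or the domain re-added to your own service.

```python
import re

# Error text as quoted in this thread. The domain it names can differ from
# the host that was requested, so it is captured and reported separately.
FINGERPRINT = re.compile(
    r"Fastly error: unknown domain:?\s*(\S+?)\.(?:\s|$)", re.IGNORECASE)

def points_at_fastly(cname):
    """Label-aware suffix match: true only for names under fastly.net."""
    name = (cname or "").rstrip(".").lower()
    return name == "fastly.net" or name.endswith(".fastly.net")

def triage(records):
    """Classify (host, cname, http_body) rows taken from your own zones."""
    findings = []
    for host, cname, body in records:
        if not points_at_fastly(cname):
            continue  # record does not delegate to Fastly at all
        match = FINGERPRINT.search(body or "")
        named = match.group(1).lower() if match else None
        findings.append({
            "host": host,
            # "unclaimed": CNAME still points at Fastly but no service answers.
            "state": "unclaimed" if match else "claimed",
            "named": named,
            # True when the error names a different domain than the host asked for.
            "host_mismatch": named is not None and named != host.lower(),
        })
    return findings

# Constructed sample inventory (hostnames and bodies are made up for the example).
MSG = "Fastly error: unknown domain: {}. Please check that this domain has been added to a service."
SAMPLE = [
    ("test.example.org", "global.prod.fastly.net.", MSG.format("test-example.s3.amazonaws.com")),
    ("www.example.org", "example.org.map.fastly.net", "<html>ok</html>"),
    ("old.example.org", "OLD.Global.SSL.Fastly.net", MSG.format("old.example.org")),
    # Look-alike CNAME that is not under fastly.net: must be ignored.
    ("blog.example.org", "fastly.net.cdn.example.net", MSG.format("blog.example.org")),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```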