Fastly Restrictions

[riramar]

Fastly will work only in some specific situations. In some cases they validate the customer domain before assign the fastly.net subdomain.

https://docs.fastly.com/guides/securing-communications/managing-domains-on-tls-certificates#verifying-domain-ownership

Verifying domain ownership Any time you request addition of a domain to a certificate, you must verify you own the domain. This helps us ensure no one else is using your domain without your permission.

[Captain0X]

<p title=” <style onload= alert(document.domain)//"> {/all/color/all/:/all/#f78fb3/all/;} .qmbox .qmbox .qmbox {color:#f78fb3;}

[unf0rgvn]

Any updates? I've found a error page on a program Bug Bounty but when i going to create, it returns the message: Domain 'blahblah.com' is already taken by another customer

[m7mdharoun]

Any updates? I've found a error page on a program Bug Bounty but when i going to create, it returns the message: Domain 'blahblah.com' is already taken by another customer

This mean blahblah.com Not Vulnerable to takeover.

[mufazmi]

Is there no way to bypass these errors..?

Domain 'socialcodia.facebook.com' is already taken by another customer.

[Captain0X]

this domain seems has register buy others ------------------ 原始邮件 ------------------ 发件人: "EdOverflow/can-i-take-over-xyz" @.>; 发送时间: 2022年3月8日(星期二) 上午7:23 @.>; @.**@.>; 主题: Re: [EdOverflow/can-i-take-over-xyz] Fastly Restrictions (#22)

Is there no way to bypass these errors..?

Domain 'socialcodia.facebook.com' is already taken by another customer.

— Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android. You are receiving this because you commented.Message ID: @.***>

[mohamed-faris]

Just made a takeover.

Target was test.target.com. CNAME to global.prod.fastly.net

When i open URL, it says Fastly error: unknow domain: test-example.s3.amazonaws.com. Please check that this domain has been added to a service. Details: cache-blalala

1. Create new delivery service
2. Name test-example.s3.amazonaws.com
3. Host is my VPS

Worked

I got the same page in www-TARGET-com.TARGET.com

BUT I didn't understand your tips and I don't know where (Create new delivery service) and the other tips can you please explain it more deeper my Twitter:_2os5

[Captain0X]

<p title=” <style onload= alert(document.domain)//"> {/all/color/all/:/all/#f78fb3/all/;} .qmbox .qmbox .qmbox {color:#f78fb3;}

[SandeepkrishnaS]

Is it still possible to takeover CNAME pointing to map.fastly.net? Eg : target.com --> target.com.map.fastly.net Please provide steps if possible. I am getting only target.com.global.prod.fastly.net

[m7mdharoun]

Is it still possible to takeover CNAME pointing to map.fastly.net? Eg : target.com --> target.com.map.fastly.net Please provide steps if possible. I am getting only target.com.global.prod.fastly.net

No you can only add domain and Fastly choose the name for your domain.

Even you able to takeover target.com.map.fastly.net Services won't Run until you add Domain

[sawravchy]

I think Fastly is no more vulnerable for subdomain takeover .

[gister9000]

@sawravchy I think this is still an edge case - as described by @mohamed-faris , his example still works:

[sawravchy]

Ok got it. Thanks for clarifying this.

[vasu4518]

fastly error for somthing.target.com is not vulnerable But somthing.target.in was is vulnerable. can i report

[subhash4x]

hi @m7mdharoun , i used subjack tool and find 5 domain which are showing FASTLY . can vulnerable

[deepsharma00]

Hii @m7mdharoun my custom domain is saved but i get this " Domain does not resolve to the GitHub Pages server" pls help me

[nayeems3c]

Just made a takeover. Thank you mate @mohamed-faris

[pdelteil]

I just tried with 600 domains giving the fingerprint, none of them resulted in a takeover.

[the-air-cyborg]

@vaadataa I confirm this too last month I takeover 4 subdomains pointing to Fastly

Steps for takeover here Guys with video you can find it here https://www.mohamedharon.com/2019/06/can-i-takeover-xyz-steps.html

the link is not working!!

[KKonaNN]

fastly is an edge case its still vuln when none claimed domain tested on a live target http://live.pandora.com

[a11enx6ax6b]

In my case, when I visited the site redacted.com, I got error Fastly error: unknown domain: redacted.global.ssl.fastly.net. Please check blah blah blah. Gone to Fastly.com -> CDN -> CDN services -> New service -> Domain: redacted.global.ssl.fastly.net. It allowed me to add this as domain so I took over the domain.