Open Shoaib18 opened 3 years ago
Any way to exploit bitly custom domain?
Confirmed to be vulnerable. Exploited this as of July, 2023.
> Confirmed to be vulnerable. Exploited this as of July, 2023.
Could you please share the report or process to verify it?
> Confirmed to be vulnerable. Exploited this as of July, 2023.
@c3l3si4n Could you please share the report or process to verify it?
Bitly is probably vulnerable, if you read this: https://support.bitly.com/hc/en-us/articles/360025607351
There is no type of verification like a TXT record or something. Only the A and CNAME records, which are the same for everyone.
Problem: You need to pay for the "Basic" plan to use custom domains, which is $35/month. As you cannot host content on bitly itself, it is basically only an Open Redirect. So in my opinion not worth the hassle.
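Because the comment above notes that the A and CNAME targets are the same for every customer and no TXT-style ownership proof is involved, a domain owner can audit their own zone for records that still point at the shared targets but are not attached to their account. The following is an added example, not part of the thread or of any project's code; the target hostname, the addresses, the zone lines and the `CLAIMED` list are constructed placeholders to be replaced with the values from the vendor's setup article and your own inventory.

```python
# Placeholders (assumptions): take the real shared targets from the vendor's
# custom-domain setup article; these are documentation-range values.
SHARED_CNAMES = {"cname.shortener.example."}
SHARED_A = {"192.0.2.10", "192.0.2.11"}

# Constructed sample zone export ("name TTL IN TYPE value").
SAMPLE_ZONE = """
go.example.com.     300 IN CNAME cname.shortener.example.
old.example.com.    300 IN A     192.0.2.10          ; campaign ended
www.example.com.    300 IN A     198.51.100.7
promo.example.com.  300 IN CNAME cname.shortener.example
"""

# Constructed list of hostnames currently attached to your own account.
CLAIMED = ["go.example.com"]


def fqdn(name):
    """Normalise a hostname to lower case with exactly one trailing dot."""
    return name.lower().rstrip(".") + "."


def parse_zone(text):
    """Yield (name, type, value) from simple one-line zone records."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments
        if "IN" not in fields:
            continue
        i = fields.index("IN")
        if i == 0 or len(fields) < i + 3:
            continue  # no owner name or no record data
        yield fqdn(fields[0]), fields[i + 1].upper(), fields[i + 2]


def unclaimed_pointers(zone_text, claimed):
    """Records aimed at the shared targets whose name is not in `claimed`.

    With no per-customer verification, each such record is a hostname that
    whoever registers it with the service first will control.
    """
    claimed = {fqdn(c) for c in claimed}
    findings = []
    for name, rtype, value in parse_zone(zone_text):
        shared = (rtype == "CNAME" and fqdn(value) in SHARED_CNAMES) or (
            rtype == "A" and value in SHARED_A)
        if shared and name not in claimed:
            findings.append((name, rtype, value))
    return findings


if __name__ == "__main__":
    for name, rtype, value in unclaimed_pointers(SAMPLE_ZONE, CLAIMED):
        print(f"remove or claim: {name} {rtype} {value}")
```

Records it reports should either be deleted from the zone or attached to an account you control.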