EdOverflow / can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Creative Commons Attribution 4.0 International

Gitbook Subdomain takeover #259

Open ph4nt0m-py opened 2 years ago

ph4nt0m-py commented 2 years ago

Service name: Gitbook

Proof:

1: Screenshot (14)_LI

2: Screenshot (17)_LI

3: Screenshot (18)

4: Screenshot (19)_LI

Documentation: https://docs.gitbook.com/hosting/custom-domains/dns-configuration

pdelteil commented 2 years ago

I also added a template to find this subdomain takeover using nuclei.

ph4nt0m-py commented 2 years ago

Okay nice.

akincibor commented 6 months ago

I think Gitbook is no longer vulnerable.

mheranco commented 1 month ago

Not vulnerable anymore. The CNAME is now randomized: gitbook