EdOverflow / can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Creative Commons Attribution 4.0 International

Better Uptime #368

Open movitz-s opened 1 year ago

movitz-s commented 1 year ago

Service name

betterstack.com

Proof

image

Requires no account-specific key or the like.

Documentation

Better Stack, or more specifically their service Better Uptime, has no subdomain takeover protection. They allow paying users to host custom JavaScript, which means that an overtaken subdomain can be used to steal wildcard cookies etc.

pdelteil commented 1 year ago

What's the fingerprint?

movitz-s commented 1 year ago

Status 302
Location: https://betteruptime.com

<html><body>You are being <a href="https://betteruptime.com">redirected</a>.</body></html>

Should I make a PR?
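An added example, not part of the issue thread or the project's own code: a defender-side check that matches the fingerprint reported above (status 302, `Location: https://betteruptime.com`, and the redirect body) against HTTP responses already captured from hostnames in your own DNS inventory. The function names, the `example.test` hostnames and the sample captures are hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

# Fingerprint values as reported in the thread above.
FP_STATUS = 302
FP_HOST = "betteruptime.com"
FP_BODY = '<a href="https://betteruptime.com">redirected</a>'

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError("malformed status line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive, so store them lowercased
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers, body.decode("utf-8", "replace")

def matches_fingerprint(raw: bytes) -> bool:
    """True only when status, Location and body all match the reported fingerprint."""
    try:
        status, headers, body = parse_response(raw)
    except ValueError:
        return False
    loc = urlsplit(headers.get("location", ""))
    return (status == FP_STATUS
            and loc.scheme == "https"
            and (loc.hostname or "") == FP_HOST  # urlsplit lowercases the host
            and loc.path in ("", "/")
            and FP_BODY in body)

def dangling_candidates(inventory: dict) -> list:
    """Hostnames from our own inventory whose captured response matches."""
    return sorted(h for h, raw in inventory.items() if matches_fingerprint(raw))

# Constructed sample captures (hypothetical hostnames, not real scan data).
_BODY = b'<html><body>You are being <a href="https://betteruptime.com">redirected</a>.</body></html>'
SAMPLE = {
    "status.example.test": b"HTTP/1.1 302 Found\r\nLocation: https://betteruptime.com\r\n\r\n" + _BODY,
    "uptime.example.test": b"HTTP/1.1 302 Found\r\nlocation: https://BetterUptime.com/\r\n\r\n" + _BODY,
    "live.example.test": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>All systems operational</html>",
    "sso.example.test": b"HTTP/1.1 302 Found\r\nLocation: https://login.example.test/\r\n\r\n",
}

if __name__ == "__main__":
    print(dangling_candidates(SAMPLE))
```

A match marks a record to review: compare the hostname against the custom domains configured in your Better Stack account and remove the DNS record if it is no longer in use.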