PatrikHudak
commented
5 years ago Official GitHub Pages docs: https://help.github.com/articles/using-a-custom-domain-with-github-pages/
Closed PatrikHudak closed 5 years ago
PatrikHudak
commented
5 years ago Official GitHub Pages docs: https://help.github.com/articles/using-a-custom-domain-with-github-pages/
codingo
commented
5 years ago Closing as now available on main readme.
sumgr0
commented
5 years ago Not able to takeover a subdomain pointing to GitHub.io. Error with CNAME is already taken.
snapshot attached.
Is GitHub takeover still working for anyone?
kishoretrommer
commented
4 years ago Not able to takeover a subdomain pointing to GitHub.io. Error with CNAME is already taken.
snapshot attached.
Is GitHub takeover still working for anyone?
Facing the same issue.
sumgr0
commented
4 years ago Is it possible to takeover githubapp.com subdomains with github.io CNAME?
ravkishu
commented
3 years ago Hi @sumgr0
I'm not quite sure but you should be able to, because it's not allowed only in case of github.io, github.com, or github.page as per official error I'm currently getting.
There isn't any such notice regarding githubapp.com. So, I suppose you should be able to takeover if it's available.
For more you can head over to https://docs.github.com/articles/setting-up-your-pages-site-repository/
netanmangal
commented
3 years ago Hi @EdOverflow
I am trying to takeover subdomain
Github has started to appending the username to the github.io/
I have done something wrong or I think github pages are no longer vulnerable unless the user/organization have totally deleted their account.
h3cksamrat
commented
3 years ago CNAME already taken error occurs in once already created repo and attached cname, so as my understanding *.github.io is not available for takeover. https://github.community/t/the-cname-is-already-taken/149785
Abhaysoft-inc
commented
2 years ago I was still able to takeover a domain
Notselwyn
commented
2 years ago Still works. +1
Looks like it's kind of conditional because it can say that the domain is claimed
Elgllad99
commented
2 years ago I was still able to takeover a domain
how you can takeover yet I have some of the vulnerable URLs, if you can help me..
akincibor
commented
2 years ago There is a new beta feature, every custom domain need to be verified. So Github is no more vulnerable.
akincibor
commented
2 years ago 
jbreed
commented
1 year ago @akincibor As mentioned, I ran into this specific issue where it required me to verify the domain by inserting a domain txt entry for verification on my account before I could add the custom domain to a repo.
Do we know if this is always the case for subdomain takeovers via github.io, or only specific domains with a feature enabled?
sumgr0
commented
1 year ago I've experienced the same with Github takeovers in the last couple of days. Looks like github has implemented it across the board.
Irresistible-K
commented
1 year ago @akincibor As mentioned, I ran into this specific issue where it required me to verify the domain by inserting a domain txt entry for verification on my account before I could add the custom domain to a repo.
Do we know if this is always the case for subdomain takeovers via github.io, or only specific domains with a feature enabled?
I found a subdomain pointing to xyz.github.io, and it is vulnerable, but when trying to set the vulnerable subdomain as the custom domain it asks to insert a txt entry for verification. Is there any way to takeover such a domain?
pdelteil
commented
1 year ago @akincibor As mentioned, I ran into this specific issue where it required me to verify the domain by inserting a domain txt entry for verification on my account before I could add the custom domain to a repo. Do we know if this is always the case for subdomain takeovers via github.io, or only specific domains with a feature enabled?
I found a subdomain pointing to xyz.github.io, and it is vulnerable, but when trying to set the vulnerable subdomain as the custom domain it asks to insert a txt entry for verification. Is there any way to takeover such a domain?
Then, it's not vulnerable.
sa1tama0
commented
1 year ago :warning::warning: GitHub's pages are now secure and no longer vulnerable. :warning::warning: GitHub has implemented DNS verification to confirm the legitimacy of domains.
EdOverflow
commented
1 year ago ⚠️⚠️ GitHub's pages are now secure and no longer vulnerable. ⚠️⚠️ GitHub has implemented DNS verification to confirm the legitimacy of domains.
This does not apply to retrospective custom domains, right?
akincibor
commented
1 year ago I thought Github was no longer vulnerable to STO but actually I managed to take a subdomain.
pdelteil
commented
1 year ago I thought Github was no longer vulnerable to STO but actually I managed to take a subdomain.
How?
dadsgone0
commented
7 months ago What if there is a 404 no pages site here error, but the account that owns it still exists? like if example30.github.io would 404, but the example30 account still existed, would it be vulnerable?
corneliusroemer
commented
6 months ago I confirm that the vulnerability still exists, at least for domains without domain verification. Example: turakhia.ucsd.edu
cyberduck404
commented
5 months ago Confirmed, still be vuln.
Paulino123p
commented
4 months ago You must verify your domain dev-test.***** before you can use it. Check out https://docs.github.com/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages for more information.
Service name
GitHub Pages
Proof
GitHub uses virtual hosting identical to other cloud services. The site needs to be specified explicitly in domain settings. Step-by-step process:
For screenshots, please refer to https://0xpatrik.com/takeover-proofs/.
To verify:
(Note: DOMAIN NAME has to be the affected domain, not the
github.iopage itself. This is due to Host header forwarding which affects the HTTP response)Documentation
There is only one format of GitHub Pages domains:
please note that having CNAME to
github.ioitself can also lead to subdomain takeover.