EdOverflow / can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Creative Commons Attribution 4.0 International

fastly is vuln #411

Open KKonaNN opened 3 weeks ago

KKonaNN commented 3 weeks ago

Service name

fastly.com

Proof

http://live.pandora.com (screenshot)

Documentation

It's only vulnerable when nobody has already claimed the main domain (pandora.com in my case).

N-N33 commented 3 weeks ago

Really cool finding and an even cooler sub-takeover page. That being said, how is it possible that the main domain is not claimed?

Did you just put in your own subdomain (unrelated to Pandora) and hope it would work, or did that subdomain pop up during recon as a Fastly subdomain?

Edit: I tried testing the above out and I got the following error:

Fastly error: unknown domain: [SubtakeoverPOC.Redacted.com] Please check that this domain has been added to a service

KKonaNN commented 3 weeks ago

> Really cool finding and an even cooler sub-takeover page. That being said, how is it possible that the main domain is not claimed?
>
> Did you just put in your own subdomain (unrelated to Pandora) and hope it would work, or did that subdomain pop up during recon as a Fastly subdomain?
>
> Edit: I tried testing the above out and I got the following error:
>
> Fastly error: unknown domain: [SubtakeoverPOC.Redacted.com] Please check that this domain has been added to a service

It will work if no one has already added it.

KKonaNN commented 3 weeks ago

> Really cool finding and an even cooler sub-takeover page. That being said, how is it possible that the main domain is not claimed?
>
> Did you just put in your own subdomain (unrelated to Pandora) and hope it would work, or did that subdomain pop up during recon as a Fastly subdomain?
>
> Edit: I tried testing the above out and I got the following error:
>
> Fastly error: unknown domain: [SubtakeoverPOC.Redacted.com] Please check that this domain has been added to a service

I used subzy to scan many subdomains and it popped up as vulnerable (live.pandora.com [ FASTLY ]), so I did the steps that I sent and it worked. PS: the takeover could be a false positive, I think; when the origin is not reached, Fastly will give the same error as when the domain is not claimed.
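A defender-side check for the pattern this thread describes (a CNAME chain ending at Fastly plus the "Fastly error: unknown domain" page), written here as an added example that is not code from the can-i-take-over-xyz repository or from the commenters. The Fastly CNAME suffixes and the sample DNS/HTTP data are assumptions constructed for the example, and, following the last comment's caveat, a fingerprint match is reported only as a lead to verify, never as a confirmed dangling record.

```python
import re
from dataclasses import dataclass

# Fingerprint quoted in the thread. The last comment notes the same body is also
# returned when a service exists but its origin is unreachable, so a match alone
# does not prove the hostname is unclaimed.
FASTLY_UNKNOWN_DOMAIN = re.compile(r"Fastly error: unknown domain", re.I)
# Assumption: CNAME targets that indicate Fastly is in the path.
FASTLY_CNAME_SUFFIXES = (".fastly.net.", ".fastlylb.net.")

@dataclass
class Finding:
    host: str
    cname_chain: tuple
    points_to_fastly: bool
    fingerprint_matched: bool

    @property
    def verdict(self) -> str:
        if not self.points_to_fastly:
            return "not-fastly"
        if self.fingerprint_matched:
            return "possible-dangling (verify: same error when origin is down)"
        return "fastly-in-use"

def follow_cnames(host, resolve_cname, max_depth=8):
    """Walk the CNAME chain; resolve_cname(name) returns the target or None."""
    chain, cur, seen = [], host.rstrip(".") + ".", set()
    while cur not in seen and len(chain) < max_depth:
        seen.add(cur)
        nxt = resolve_cname(cur)
        if not nxt:
            break
        nxt = nxt.rstrip(".") + "."
        chain.append(nxt)
        cur = nxt
    return tuple(chain)

def assess(host, resolve_cname, fetch_body):
    """fetch_body(host) returns the HTTP response body ('' on error)."""
    chain = follow_cnames(host, resolve_cname)
    fastly = any(t.endswith(FASTLY_CNAME_SUFFIXES) for t in chain)
    matched = bool(FASTLY_UNKNOWN_DOMAIN.search(fetch_body(host))) if fastly else False
    return Finding(host, chain, fastly, matched)

# Constructed sample data (not real DNS answers or responses).
SAMPLE_CNAMES = {"dangling.example.com.": "dangling.example.com.global.prod.fastly.net.",
                 "healthy.example.com.": "healthy.example.com.global.prod.fastly.net."}
SAMPLE_BODIES = {"dangling.example.com": "Fastly error: unknown domain: dangling.example.com. "
                                         "Please check that this domain has been added to a service",
                 "healthy.example.com": "<html>welcome</html>"}

def demo():
    return {h: assess(h, SAMPLE_CNAMES.get, lambda x: SAMPLE_BODIES.get(x, "")).verdict
            for h in ("dangling.example.com", "healthy.example.com", "plain.example.com")}
```

In a real sweep, `resolve_cname` would wrap a DNS lookup and `fetch_body` an HTTP GET with the Host header set; anything flagged possible-dangling should be checked against the service inventory before being treated as an unclaimed hostname.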