EdOverflow / can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Creative Commons Attribution 4.0 International
4.87k stars, 716 forks

fastly is vuln #411

Open KKonaNN opened 5 months ago

KKonaNN commented 5 months ago

Service name

fastly.com

Proof

http://live.pandora.com [screenshot]

Documentation

It's only vuln when nobody has already claimed the main domain (pandora.com in my case).

N-N33 commented 5 months ago

Really cool finding and even cooler sub-takeover page. That being said how is it possible that the main domain is not claimed?

Did you just put in your own subdomain (unrelated to Pandora) and hoped it would work or did that subdomain pop-up during recon as a fastly subdomain?

Edit: I tried testing the above out and I got the following error:

Fastly error: unknown domain: [SubtakeoverPOC.Redacted.com] Please check that this domain has been added to a service

KKonaNN commented 5 months ago


It will work if no one already has it added.

KKonaNN commented 5 months ago


I used subzy to scan many subdomains and it popped up as vuln (live.pandora.com [ FASTLY ]), so I did the steps that I sent and it worked. PS: the takeover could be false, I think; when the origin is not reached, Fastly will give the same error as when not claimed.
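The detection logic the thread is arguing about, as an added example that is not code from the can-i-take-over-xyz repository, from subzy, or from either commenter. It matches the exact "Fastly error: unknown domain" text quoted above and combines it with the CNAME check, so that the error string alone (which Fastly returns for any hostname not attached to a service, as N-N33's test showed) is only ever reported as a candidate. The Fastly edge suffixes `.fastly.net` and `.fastlylb.net`, the hostnames, and the response bodies are all constructed for the example; none of it is real scan data.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Error text quoted in the thread above. The bracketed hostname changes per
# request, so it is matched as a wildcard; whitespace between the two halves
# is tolerated in case the body wraps.
FASTLY_UNKNOWN_DOMAIN = re.compile(
    r"Fastly error: unknown domain: \[?[^\]\s]+\]?\s*"
    r"Please check that this domain has been added to a service"
)

# Edge hostnames that indicate a CNAME into Fastly. These suffixes are an
# assumption of this example, not something stated in the thread.
FASTLY_CNAME_SUFFIXES = (".fastly.net", ".fastlylb.net")


@dataclass(frozen=True)
class Observation:
    """What a scanner actually collected for one hostname."""
    host: str
    cname_chain: Tuple[str, ...]   # CNAME targets in resolution order
    http_status: Optional[int]     # None means no HTTP answer at all
    body: str                      # response body, possibly empty


def points_at_fastly(chain: Tuple[str, ...]) -> bool:
    """True if any hop of the CNAME chain lands on a Fastly edge name."""
    return any(
        t.rstrip(".").lower().endswith(FASTLY_CNAME_SUFFIXES) for t in chain
    )


def classify(obs: Observation) -> str:
    """Classify one observation.

    "candidate"          CNAME into Fastly and the unknown-domain error came
                         back. This is NOT proof: Fastly answers the same way
                         for any hostname not attached to a service, so the
                         only real confirmation is adding the name to a
                         service you control and seeing your content served.
    "served"             CNAME into Fastly and some service answered for it.
    "fastly-unreachable" CNAME into Fastly but no HTTP response at all, so
                         nothing can be said yet; retry before reporting.
    "not-fastly"         not CNAMEd into Fastly, so this fingerprint does
                         not apply even if the error text is present.
    """
    if not points_at_fastly(obs.cname_chain):
        return "not-fastly"
    if obs.http_status is None:
        return "fastly-unreachable"
    if FASTLY_UNKNOWN_DOMAIN.search(obs.body):
        return "candidate"
    return "served"


def run_samples() -> Dict[str, str]:
    """Classify a set of constructed observations (not real scan data)."""
    error_body = (
        "Fastly error: unknown domain: [live.example.com] "
        "Please check that this domain has been added to a service"
    )
    samples = [
        Observation("live.example.com",
                    ("example.global.ssl.fastly.net.",), 500, error_body),
        Observation("www.example.com",
                    ("example.map.fastly.net",), 200, "<html>ok</html>"),
        Observation("blog.example.com",
                    ("ghs.googlehosted.com",), 404, error_body),
        Observation("old.example.com",
                    ("old-example.fastlylb.net",), None, ""),
    ]
    return {obs.host: classify(obs) for obs in samples}


if __name__ == "__main__":
    for host, verdict in run_samples().items():
        print(f"{host:20} {verdict}")
```

The "blog.example.com" sample carries the Fastly error text but does not point at Fastly, and is deliberately reported as "not-fastly": a body match without the dangling DNS pointer is noise. Even a "candidate" still needs the manual step KKonaNN describes, and the thread's own caveat about the apex (pandora.com) not being claimed by anyone else is something a scanner cannot see from outside.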