EdOverflow / can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Creative Commons Attribution 4.0 International

[Vulnerable] headwayapp.co subdomain takeover #420

Closed V35HR4J closed 2 months ago

V35HR4J commented 2 months ago

Service name

headwayapp

Fingerprint

The page you were looking for doesn't exist (404)

Proof

(three screenshots attached, taken 2024-08-26)

Documentation

https://docs.headwayapp.co/custom-domain
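The report above boils down to a two-part signal: a CNAME in your own zone that still points at the service, plus the 404 fingerprint in the response. The following is an added example (not part of this issue or the repository) of how a defender auditing their own DNS zone could classify records using exactly that pair, so that a fingerprint match without a matching CNAME, or an unreachable host, is never reported as vulnerable. The CNAME suffix `.headwayapp.co` and all sample records are assumptions constructed for the example; the real custom-domain target is in the vendor docs linked above.

```python
from dataclasses import dataclass
from typing import Optional

# Fingerprint reported in this issue for headwayapp custom domains.
HEADWAY_FINGERPRINT = "The page you were looking for doesn't exist (404)"
# Assumption: custom domains are pointed at the service by a CNAME under this
# suffix. Verify the real target against https://docs.headwayapp.co/custom-domain.
HEADWAY_CNAME_SUFFIX = ".headwayapp.co"


@dataclass
class Observation:
    hostname: str            # record in our own zone
    cname: Optional[str]     # CNAME target, None if the record is A/AAAA or absent
    status: Optional[int]    # HTTP status when fetching the hostname, None if no response
    body: str                # response body, empty if there was no response


def classify(obs: Observation) -> str:
    """Return 'not-headway', 'unreachable', 'candidate' or 'in-use'."""
    target = (obs.cname or "").rstrip(".").lower()
    if not target.endswith(HEADWAY_CNAME_SUFFIX):
        return "not-headway"          # dangling or not, it is not this service
    if obs.status is None:
        return "unreachable"          # needs a retry, not a verdict
    if obs.status == 404 and HEADWAY_FINGERPRINT in obs.body:
        return "candidate"            # CNAME + fingerprint: verify manually
    return "in-use"                   # points at the service and serves content


def audit(observations):
    return {o.hostname: classify(o) for o in observations}


# Constructed sample observations (hypothetical hosts, not real findings).
SAMPLE = [
    Observation("changelog.example.com", "acme.headwayapp.co.", 404, HEADWAY_FINGERPRINT),
    Observation("news.example.com", "acme.headwayapp.co.", 200, "<html>Release notes</html>"),
    Observation("old.example.com", "acme.headwayapp.co.", None, ""),
    Observation("shop.example.com", "cdn.other-vendor.invalid.", 404, HEADWAY_FINGERPRINT),
    Observation("www.example.com", None, 200, "<html>Home</html>"),
]

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE).items():
        print(f"{host}: {verdict}")
```

Only `candidate` records deserve a ticket; as the rest of this thread shows, a fingerprint alone is not proof and needs to be reproduced by hand.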

pdelteil commented 2 months ago

This is not a valid proof.

You should include the error/fingerprint.

V35HR4J commented 2 months ago

Hi @pdelteil I have updated it.

pdelteil commented 2 months ago

Thanks @V35HR4J.

It doesn't work for me:

(screenshot attached)

samogod commented 2 months ago

It doesn't work for me either.

(screenshot attached)

sumgr0 commented 2 months ago

Did this work for anyone?

V35HR4J commented 2 months ago

I am not sure about now, but in March 2023 I had reported it and even got the bounty from a private program on HackerOne.

(screenshot attached, taken 2024-09-02)

pdelteil commented 2 months ago

You're leaking the program name in the header.