EdOverflow / can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Creative Commons Attribution 4.0 International

Uptimerobot.com Custom Domain Takeover #45

Open 0xAsuka opened 5 years ago

0xAsuka commented 5 years ago

Uptimerobot.com

There is no additional verification for adding a custom domain. Just add a CNAME record pointing to stats.uptimerobot.com.

https://exploit.linuxsec.org/uptimerobot-com-custom-domain-subdomain-takeover/

Sorry, it is in Indonesian, but I added some screenshots, so I think you will understand.
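The report above gives two signals for this service: a CNAME that points at stats.uptimerobot.com and a "page not found" response. The following triage helper is an added example, not code from this issue or from the can-i-take-over-xyz repository; it combines both signals so that a host is only reported when the CNAME target matches and the fingerprint is present, since a 404 body on its own proves nothing. The hostnames, CNAME targets and HTTP bodies are constructed sample data, and the resolver and fetcher are injected callables so the script runs offline (swapping in a real DNS/HTTP lookup is an assumption left to the reader).

```python
"""Triage helper for the UptimeRobot custom-domain fingerprint.

Added example, not part of the original issue or repository. A host is a
takeover candidate only when BOTH signals from the report hold:
  1. its CNAME target is stats.uptimerobot.com, and
  2. the HTTP body contains "page not found" (case-insensitive).
"""
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional

UPTIMEROBOT_CNAME = "stats.uptimerobot.com"
FINGERPRINT = "page not found"  # fingerprint quoted in the issue thread


@dataclass(frozen=True)
class Finding:
    host: str
    cname: Optional[str]
    candidate: bool
    reason: str


def _normalise(name: str) -> str:
    """Strip the trailing dot DNS answers carry and lower-case the name."""
    return name.rstrip(".").lower()


def assess(host: str, cname: Optional[str], body: Optional[str]) -> Finding:
    """Classify one hostname from its CNAME target and HTTP response body."""
    target = _normalise(cname) if cname else None
    if target != UPTIMEROBOT_CNAME:
        return Finding(host, cname, False, "CNAME does not point at uptimerobot")
    if body is None:
        return Finding(host, cname, False, "no HTTP response")
    if FINGERPRINT in body.lower():
        return Finding(host, cname, True, "uptimerobot CNAME with 'page not found' body")
    return Finding(host, cname, False, "uptimerobot CNAME but status page is claimed")


def scan(hosts: Iterable[str],
         resolve_cname: Callable[[str], Optional[str]],
         fetch_body: Callable[[str], Optional[str]]) -> List[Finding]:
    """Run assess() over every host using the supplied lookup callables."""
    return [assess(h, resolve_cname(h), fetch_body(h)) for h in hosts]


# Constructed sample data standing in for real DNS and HTTP lookups
# (hypothetical hostnames under example.com).
SAMPLE_CNAMES = {
    "status.example.com": "stats.uptimerobot.com.",   # dangling: unclaimed
    "uptime.example.com": "stats.uptimerobot.com",    # claimed status page
    "www.example.com": "web.example.net.",            # unrelated 404
    "old.example.com": None,                          # no CNAME at all
}
SAMPLE_BODIES = {
    "status.example.com": "<html><body><h1>Page not found</h1></body></html>",
    "uptime.example.com": "<html><title>Example status</title>All systems operational</html>",
    "www.example.com": "<html><h1>Page not found</h1></html>",
    "old.example.com": None,
}


def candidates(hosts: Optional[List[str]] = None) -> List[str]:
    """Return the hosts flagged as candidates in the constructed sample set."""
    hosts = hosts or list(SAMPLE_CNAMES)
    return [f.host for f in scan(hosts, SAMPLE_CNAMES.get, SAMPLE_BODIES.get)
            if f.candidate]


if __name__ == "__main__":
    for f in scan(list(SAMPLE_CNAMES), SAMPLE_CNAMES.get, SAMPLE_BODIES.get):
        print(f"{f.host:22} {'CANDIDATE' if f.candidate else 'ok':9} {f.reason}")
```

Only status.example.com is reported: www.example.com also returns "Page not found" but its CNAME points elsewhere, and uptime.example.com has the right CNAME but an already-claimed status page. The reason string is kept on every Finding so that a record owner can see why a host was or was not flagged and remove stale CNAMEs accordingly.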

bluedangerforyou commented 5 years ago

What is the error in the browser? Page not found? 404? Page not found? I cannot seem to find a sample not-found page.

0xAsuka commented 5 years ago

Yes, it says "page not found".

bluedangerforyou commented 5 years ago

Thank you.

marcelo321 commented 4 years ago

@linuxsec Hey, what does the CNAME look like? And the fingerprint only says "page not found"?

adityathebe commented 4 years ago

What is the impact of this takeover?

adityathebe commented 4 years ago

There's nothing much we can do by setting up a "Public Status Page" in uptimerobot.

bsysop commented 4 years ago

Take a look at the impact

:joy:

Just for phishing, I guess.

adityathebe commented 4 years ago

> Just for phishing, I guess.

Not sure how we can do phishing either, since we have absolutely no control over the uptimerobot subdomain.

Sorry if I am not understanding correctly.

bsysop commented 4 years ago

I mean:

It doesn't mean a bug hunter will do a phishing attack, of course.

adityathebe commented 4 years ago

I meant to say it's not possible to perform a phishing attack even for a malicious user.

Even if a subdomain abc.example.com that is pointing to stats.uptimerobot.com is vulnerable to takeover, all an attacker can do is register abc.example.com in uptimerobot. But that's just it. Visiting the subdomain will show the stats of some site (the attacker has the freedom to choose which site), but there's nothing much one can do beyond that.

bsysop commented 4 years ago
[Screenshot 2020-05-07 at 12:47:29]

That example shows everything UP, right? Let's say you deliberately set a server to DOWN just to TRICK (lie to) the company... now you have convinced some staff they have a server down, so now you have a person in panic on the other side, and you can try to use that in your favour to do something you need, like getting them to click another poisoned link, or something.

Again, it's not something impactful; I was trying to say it's only what a blackhat attacker could do, which in bug bounty means nothing.

sumgr0 commented 4 years ago

The service is similar to statuspage.io and may not be considered impactful.

Joker-cyber369 commented 3 years ago

I have a message like "404 PAGE NOT FOUND" on a website. How can I take over that subdomain?

xgt6op commented 1 year ago

I got a 404 page and did not find how to take over the page.

xgt6op commented 1 year ago

Can anyone help me: do I have to buy premium for the custom domain?

Ye-Yint-Htet-T commented 1 year ago

Hello

Does this need a premium account to add a custom domain?