codingo
commented
5 years ago @Cyberdolt have you performed one of these already or do you have a reference writeup so I can add this to the main repository?
Open Avileox opened 6 years ago
codingo
commented
5 years ago @Cyberdolt have you performed one of these already or do you have a reference writeup so I can add this to the main repository?
Avileox
commented
5 years ago I reported this issue but the organization didn't fix the issue yet so, I am waiting for them to resolve after that I will provide the full description.
itachi73
commented
5 years ago @Avileox
How it possible to take a subdomain over as long as it has an A record for a kinsta dedicated IP ?
Avileox
commented
5 years ago Most Probably, It is impossible to takeover subdomain with A record through Kinsta. Here is the response from kinsta for orphan CNAME. 404 Not Found Content-Length=[33604] Server = kinsta-nginx
itachi73
commented
5 years ago I met the same response with an A record
sumgr0
commented
4 years ago So does that mean, if a vulnerable subdomain has the A record pointing to an IP, it's impossible to takeover the subdomain?
m0chan
commented
3 years ago This is no longer possible, requires TXT verification.
Service name
Kinsta
Website
https://kinsta.com/
Credential
Condition
Subdomain takeover through Kinsta is possible but for creating POC you need a paid account because kinsta need a paid account for creating subdomains and using web hosting through kinsta.