EdOverflow / can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Creative Commons Attribution 4.0 International
4.89k stars 717 forks source link

Smartling Takeover #67

Open Regala opened 6 years ago

Regala commented 6 years ago

Service name

Smartling is a translation service.

Proof

If the vulnerable domain has a CNAME pointing to e.g. *.smartling.com - open that domain and check for the string:

"Domain is not configured"

This means it should be possible to takeover.

Documentation

Problem here is I can't actually be sure this works. A couple of subdomain takeover tools mention this service as well as this fingerprint, but I can't actually look up any report or blog post specifying this. Furthermore, to have access to smartling it seems you actually have to go through a manual register / validation process (I might be wrong).

The best reference so far is actually smartling documentation here. Reading the article, it doesn't seem any kind of ownership verification is done so, in theory, should be possible to just register a domain and complete the takeover.

If anyone can dig a bit more on this, would be awesome.

Regala commented 6 years ago

No idea how to test this, so happy if you can do the ground work.

Where's an example domain: http://cn.atlassian.sl.smartling.com/

This comes from cn.atlassian.com - there's a CNAME pointing there. However, because there A records, it never reaches the CNAME. I think. Who knows, this is unicorns stuff for me.

K4r1it0 commented 5 years ago

is this still takeover-able

shubham4500 commented 4 years ago

paid service :(

knc331 commented 4 years ago

I was able to signup, however i was unable to access the Smartling dashboard where we can perform the subdomain configurations. I am yet to explore more. If any of you guys know about this please through some light. If it is a paid service, I am ok to purchase but this should work.

knc331 commented 4 years ago

paid service :(

Any more information you have on the Shubam?

swethasridevi commented 4 years ago

@knc331 How did you signup?

ankushgoel27 commented 4 years ago

Any more information on this?

jah-cyber commented 3 years ago

anything ??

ms-geeky commented 3 years ago

nah nothing!

edoardottt commented 3 years ago

Any info?

pdelteil commented 3 years ago

It seams that you can't create a new account.

pdelteil commented 3 years ago

It seams that you can't create a new account.

I've tried many times to request a demo in order to create an account but no success in the last 6 months.

I think it should be declared 'Not Vulnerable'

0xcrypto commented 3 years ago

Completely manual process, should be Not Vulnerable. @knc331 I think all you did was signed in with Google. You won't be able to do anything with that account aside from logout.

vsanjay commented 3 years ago

its not vulnerable :(

TheJulfikarpoc commented 3 years ago

I was able to signup, however i was unable to access the Smartling dashboard where we can perform the subdomain configurations. I am yet to explore more. If any of you guys know about this please through some light. If it is a paid service, I am ok to purchase but this should work.

How did you sign up?

xmrstickers commented 1 year ago

is this still a non-issue? still finding smartling domains with the "Domain is not configured" text

khaled4android commented 1 year ago

I can't sign up in smartling? how can I do?

m-tabarik commented 1 year ago

It's the same issue discussed above. I think it's not vulnerable ;)

elvish-saurabh commented 8 months ago

Has anyone created an account on Smartling? if yes then please share the process