search

EdOverflow / can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Creative Commons Attribution 4.0 International
4.75k stars 704 forks source link

Subdoamin Takeover Possible via Intercom Help Center #69

Open MuhammadKhizerJaved opened 5 years ago

MuhammadKhizerJaved commented 5 years ago

Intercom Help Center

Proof

If you get an Error Similar to this one that gives 404 Error simply go to https://www.intercom.com/customer-support-software create a new account buy the service or get a free demo for 14 days

Then visit https://app.intercom.io/a/apps/pr1twx7u/articles/site/settings and add the subdomain that's giving error in custom domain field

screenshot 2018-11-20 at 3 40 08 pm

Turn On the Help Center and Publish a test article also otherwise you won't be able to turn on the help center

after you turn on successfully you'll be the admin of the help center

screenshot 2018-11-20 at 3 42 23 pm

Documentation

https://www.intercom.com/help/

Thanks 😉

phoenix-sec commented 5 years ago

great khizar <3

m7mdharoun commented 5 years ago

Seems Interested 👍 waiting validation

snapsecco commented 5 years ago

Awesome bro

ziak2677 commented 5 years ago

This Issue is vulnerable or not?

(Warning! Domain mapping upgrade for this domain not found. Please log in and go to the Domains Upgrades page of your blog to use this domain.)

If vulnerable then how i takeover through wordpress?? kindly guide.

janmasarik commented 5 years ago

Doesn't seem to work in case the domain is (or maybe was already) taken:

image

The non-vulnerable page seems to be the same one:

image

However, it sometimes returns a different error message:

image

PjMpire commented 5 years ago

Takeover is edge case. A user can claim domain and turn off the helpcenter which then directs to the 404 page. I discovered that the domain can be registered if and when released by the current workspace owner.

image

Phoenix1112 commented 5 years ago

hello bro.. i need help. I'm now a member of the site. I can't find which part of the target subdomain name to enter. please help with this.

image

which section do I need to enter from here? @MuhammadKhizerJaved @PjMpire

PjMpire commented 5 years ago

hello bro.. i need help. I'm now a member of the site. I can't find which part of the target subdomain name to enter. please help with this.

which section do I need to enter from here? @MuhammadKhizerJaved @PjMpire

Articles tab on the left hand side -> settings -> setup the basics

Phoenix1112 commented 5 years ago

@PjMpire Thanks for the help. now I get an error when I try to register domain address... I get the warning that this domain name has already been taken. I see this image when I enter the target site. can't this subdomain be taken?

image3

PjMpire commented 5 years ago

@Phoenix1112 as i mentioned in my previous post. Takeover is edge case. If the name has been registered but the help center has been disabled, takeover is not possible