Open m7mdharoun opened 5 years ago
Thank you for raising this issue, @m7mdharoun. @codingo, we really need to look into FreshDesk at some point.
@EdOverflow @codingo I want to add: when you sign up at Freshdesk you will get any subdomain, e.g. mysubdomain.freshdesk.com. You can request to change your subdomain to any available subdomain, only through Freshdesk support. (Freshdesk allows this.)
Is this still vulnerable, @m7mdharoun @EdOverflow?
Freshdesk is not vulnerable, @EdOverflow.
No one thinks about closing this "2-years club" issue.
I think I was able to take over. So it's still vulnerable.
@justforhack, the way the project works is that "Issues" are not in fact used for their intended purpose. This has turned more into a forum of sorts for people to discuss specific services within issue tickets. Closing issue tickets makes them slightly less discoverable which is undesirable. In other words, there is no "fix" for these issues as you might typically see on GitHub—these are merely posts and discussions.
Okay man!!
(I thought my comment had disappeared from this world, a long time ago...)
Hello guys, is the Freshdesk CNAME still vulnerable to subdomain takeover?
They now seem to require validation through adding a DNS record. I don't think takeover is still possible. If there's some way around the verification, I'm all ears.
Is FreshDesk subdomain takeover vulnerable or not? Is any verification required?
Can confirm, it's not vulnerable.
Service name
FreshDesk
Proof
If the subdomain has a fingerprint and the CNAME is the same fingerprint, yes, the subdomain can be taken over!
FingerPrint
We couldn't find support.example.com
May be this is still fresh!You can claim it now at http://www.freshdesk.com/signup
Documentation
HarryMag could take over a subdomain: http://support.hvst.com/support/login
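For auditing your own DNS zone against the fingerprint quoted in this issue, here is an added example (not part of the original thread or of the project's tooling). The zone excerpt, hostnames and response bodies are constructed samples, and the function names are hypothetical.

```python
import re

# Fingerprint strings quoted in the issue above.
FINGERPRINTS = ("We couldn't find ", "May be this is still fresh!")
FRESHDESK_SUFFIX = ".freshdesk.com"

# Constructed zone-file excerpt (hypothetical names, not real records).
SAMPLE_ZONE = """\
support.example.com.  3600 IN CNAME examplehelp.freshdesk.com.
help.example.com.     3600 IN CNAME oldportal.freshdesk.com.  ; legacy portal
www.example.com.      3600 IN A     192.0.2.10
docs.example.com.     300  IN CNAME example.github.io.
"""

# Constructed response bodies, standing in for a fetch of each host's page.
SAMPLE_BODIES = {
    "support.example.com": "<html><title>Example Support</title></html>",
    "help.example.com": "We couldn't find help.example.com\n"
                        "May be this is still fresh!You can claim it now at "
                        "http://www.freshdesk.com/signup",
}

CNAME_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?CNAME\s+(\S+)$", re.I)

def freshdesk_cnames(zone_text):
    """Return {hostname: target} for CNAME records that point at Freshdesk."""
    found = {}
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        match = CNAME_RE.match(line)
        if not match:
            continue
        host, target = (name.rstrip(".").lower() for name in match.groups())
        if target.endswith(FRESHDESK_SUFFIX):
            found[host] = target
    return found

def audit(zone_text, bodies):
    """Classify each Freshdesk CNAME as serving, dangling or unchecked."""
    findings = []
    for host, target in sorted(freshdesk_cnames(zone_text).items()):
        body = bodies.get(host)
        if body is None:
            status = "unchecked"   # no response body was collected
        elif any(fp in body for fp in FINGERPRINTS):
            status = "dangling"    # record points at an unclaimed portal
        else:
            status = "serving"
        findings.append((host, target, status))
    return findings
```

A "dangling" result marks a stale record to remove or re-point. As a later comment in this thread notes, Freshdesk now seems to require validation through a DNS record, so a fingerprint match alone does not show that the name can be claimed.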