There is a takeover vector which doesnt get as much love, which is when the website resolves and provides a web response but includes a js file from an old unregistered domain. If we register the domain, we can provide our own JS file and execute arbitrary javascript on the page. This leads to full website takeover via redirect etc.
I think we can parse out the js files using beautiful soup
There is a takeover vector which doesnt get as much love, which is when the website resolves and provides a web response but includes a js file from an old unregistered domain. If we register the domain, we can provide our own JS file and execute arbitrary javascript on the page. This leads to full website takeover via redirect etc.
I think we can parse out the js files using beautiful soup