8 matches found
Cross site scripting
Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e app. Interactsh server used to create cname entries for app pointing to...
CVE-2023-36474 Interactsh server settings make users vulnerable to Subdomain Takeover
Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e app. Interactsh server used to create cname entries for app pointing to...
Equifax-vdp: Subdomain takeover at http://test.www.midigator.com
Vulnerability Subdomain test.www.midigator.com points to an AWS S3 bucket that no longer exists. I was able to take control of this bucket and serve my own content on it. Proof Of Concept code $ dig test.www.midigator.com snipped ;; ANSWER SECTION: test.www.midigator.com. 60 IN CNAME...
GHSA-M36X-MGFH-8G78 Subdomain Takeover in Interactsh server
A domain configured with interactsh server was vulnerable to subdomain takeover for specfic subdomain, i.e app, Interactsh server before 1.0.0 used to create cname entries for app pointing to projectdiscovery.github.io as default which intended to used for hosting interactsh web client using GitH...
Subdomain Takeover in Interactsh server
A domain configured with interactsh server was vulnerable to subdomain takeover for specfic subdomain, i.e app, Interactsh server before 1.0.0 used to create cname entries for app pointing to projectdiscovery.github.io as default which intended to used for hosting interactsh web client using GitH...
Vimeo: Domain pointing to vimeo portfolio are prone to takeover using on-demand.
We thank @bugdiscloseguys for finding this issue. We were only checking \ on-demand to on-demand, but not on-demand to portfolio. Vimeo offers service for pro users to add custom domain under portfolios so that portfolios can be hosted on your subDomain, However Vimeo offers same feature for...
Snapchat: Subdomain Takeover via Unclaimed WordPress site
@ysx found a bitstripsforschools CNAME entry pointing to an unclaimed WordPress domain, which could be taken over by an external party. The CNAME entry was for a product that is no longer active. An unclaimed WordPress domain mapping upgrade could be leveraged to assume the...
Enter: [CRITICAL]-Taking over entire subdomain of romit.io
Hi, During recon, I found out that blog.romit.io was not mapped with wordpress.com and the domain was returning back error like this domain has not been mapped with wordpress.com, to map it please login into wordpres.com. So, I quickly created an account on wordpress.com and mapped blog.romit.io ...