
Uberflip Service #150

Open
AmanShahid opened this issue May 18, 2020 · 2 comments
Labels
vulnerable Someone has provided proof in the issue ticket that one can hijack subdomains on this service.

Comments

@AmanShahid

Service name

Uberflip

Proof

https://hackerone.com/reports/863551

Documentation

If the subdomain shows the error "Non-hub domain, The URL you've accessed does not provide a hub. Please check the URL and try again." and is pointing toward read.uberflip.com, then it is vulnerable to takeover because, according to Uberflip, "The only protection is the customer's proper management of their subdomains.
For this reason, we do not recommend customers point wildcards to us, and that they follow DNS management best practices by periodically reviewing all their hostnames and subdomains."

Thanks,
Aman Shahid
https://twitter.com/amansmughal
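As an added example (not code from the issue or from the can-i-take-over-xyz project), here is a defender-side audit that applies the fingerprint above to a zone export of hostnames you administer, following Uberflip's advice to periodically review hostnames: it flags CNAMEs to read.uberflip.com whose page shows the "Non-hub domain" error. It assumes a BIND-style zone dump and that the error page is served over plain HTTP; the sample zone is constructed.

```python
import urllib.error
import urllib.request

# Fingerprint from the issue: a hostname CNAMEd to read.uberflip.com that
# serves Uberflip's "Non-hub domain" error has no hub claimed for it.
UBERFLIP_TARGET = "read.uberflip.com"
NON_HUB_MARKER = "Non-hub domain"

# Constructed sample zone export (not real records).
SAMPLE_ZONE = """\
hub.example.com.   300 IN CNAME read.uberflip.com.
docs.example.com.  300 IN CNAME read.uberflip.com.
www.example.com.   300 IN CNAME example.github.io.
"""

def parse_cnames(zone_text):
    """Return {owner: target} for CNAME records in a BIND-style zone dump."""
    cnames = {}
    for line in zone_text.splitlines():
        fields = line.split()  # owner [ttl] [class] CNAME target
        if "CNAME" in fields and fields.index("CNAME") + 1 < len(fields):
            owner = fields[0].rstrip(".").lower()
            cnames[owner] = fields[fields.index("CNAME") + 1].rstrip(".").lower()
    return cnames

def points_to_uberflip(target):
    return target == UBERFLIP_TARGET or target.endswith("." + UBERFLIP_TARGET)

def classify(target, body):
    """dangling = error page served, claimed = a hub answers, unreachable, or not-uberflip."""
    if not points_to_uberflip(target):
        return "not-uberflip"
    if body is None:
        return "unreachable"
    return "dangling" if NON_HUB_MARKER in body else "claimed"

def fetch_body(hostname, timeout=10):
    """Fetch a hostname you administer. Assumption: the error page is served over plain HTTP."""
    try:
        with urllib.request.urlopen(f"http://{hostname}/", timeout=timeout) as resp:
            return resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # error status pages still carry the marker
        return err.read().decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return None

def audit_zone(zone_text, fetch=fetch_body):
    """Classify every Uberflip-bound CNAME in the zone; other records are skipped."""
    return {owner: classify(target, fetch(owner))
            for owner, target in parse_cnames(zone_text).items()
            if points_to_uberflip(target)}
```

Records reported as "dangling" are the ones to delete or re-point in your own zone; "claimed" hosts are serving a hub and need no action.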

@EdOverflow EdOverflow added the vulnerable Someone has provided proof in the issue ticket that one can hijack subdomains on this service. label May 19, 2020
@sumgr0

sumgr0 commented May 19, 2020

Hi @AmanShahid

Thank you for sharing the report.
Going to uberflip.com for account setup, I could not see any way to sign up for a service. I request you to kindly share the process/URL to sign up for the service, to understand the process of hosting a POC for the takeovers.

Best,
sumgr0

adiffpirate added a commit to adiffpirate/can-i-take-over-xyz that referenced this issue Jul 19, 2020
Added:

- Gemfury EdOverflow#154
- Uberflip EdOverflow#150
- Agile CRM EdOverflow#145
- Pingdom EdOverflow#144
- Worksites EdOverflow#142
@ethrx

ethrx commented Feb 25, 2021

Some websites might not be added to an Uberflip account; however, a takeover is not possible. Registering for an account is not possible; you have to book a demo with the sales team.

The HackerOne report that was linked above was an empty takeover; they didn't actually perform it. I find it highly unlikely that someone could register with their sales team pretending to be that company.

Should this be closed as not possible?
