Short.io takeover #260
Comments
I also added this template to nuclei.
Hi! Thanks for checking for domain takeover - we are aware of this type of attack and prevent it from happening. I'll share our checks:
There can be a corner case when a user points DNS records to our IP and does not add a domain, but it should be a deliberate action because we display configuration instructions after the user adds a domain in our system. Also, there can be a corner case when a user adds a domain he does not control, but it does not pose a security risk, only prevents the legitimate domain owner from using our service (and this problem is solved by our support engineers). Feel free to tell us if you don't think these measures are enough.
Confirm, not vulnerable anymore.
Can you please update the Readme?
@EdOverflow can you please update details about our website?
Hello there @gugu, I can confirm this takeover is still possible.
How??
Yes, more details will be a helpful addition to your answer.
Adding a custom domain discovered with the template. Test it yourself.
Where can I send you a report? BBH? 🤣
At mail hlynurfrey@gmail.com
What do you mean?
Service name
Short.io
Proof
Documentation
https://help.short.io/en/articles/4065825-general-subdomain-setup-instruction