Acquia Takeover

Question

Acquia Takeover

KeepWannabe opened this issue 5 years ago · comments

Can i Takeover via acquia ?

Robbie · Answer 1 · Mon Jul 22 2019 17:08:35 GMT+0800 (China Standard Time)

I am currently struggling with this as it creates random subdomains so far and i am not looking to upgrade to find out about the prod.

mcipekci · Answer 2 · Thu May 21 2020 21:29:59 GMT+0800 (China Standard Time)

This is not vulnerable because of following reasons:

Acquia generates a generic unique IP address for customers when creating environment.
Since IP address is unique, you must either spam creating environments yet it's still unclear and each creation process takes around 30 minutes.
To enable adding custom domain feature, you must subscribe for it and it's way too much costly, while they do not directly charge you, it's still not worth because of unclear state of IP address is being used or not

Let me show you some information with screenshots

As we can see from below Acquia generates unique IP:

When adding custom domain Acquia verifies that domain is resolving into IP address they provided you:

I also used one of my own domains to verify the state:

So basically Acquia is not vulnerable or way over edge case.

Martin Bajanik · Answer 3 · Sat Jul 25 2020 19:27:59 GMT+0800 (China Standard Time)

Was digging into this lately and found https://docs.acquia.com/resource/definitions/realm/:

Some common realms include, but aren’t limited to the following:

Cloud Platform Enterprise: prod

Cloud Platform Professional: devcloud

Site Factory: The value can vary for Site Factory subscribers. To identify the correct realm for an Site Factory subscription, contact Acquia support.

Cloud Platform will display the realm for your subscription in the default domain name included with your subscription. For example, a default domain name for a website in an Cloud Platform Professional subscription can be examplesite.devcloud.acquia-sites.com.

It seems that the aforementioned (randomly generated subdomains etc.) is true for "Cloud Platform Professional" customers. Enterprise customers seem to have predictably generated subdomains with a different "realm" — the devcloud vs. prod part in the provided URL.

tldr;

"So basically Acquia is not vulnerable or way over edge case."

whisperer256 · Answer 4 · Wed Dec 30 2020 13:39:34 GMT+0800 (China Standard Time)

What is the CNAME for this service?

FUCKGITHUBS · Answer 5 · Fri Jan 08 2021 06:31:57 GMT+0800 (China Standard Time)

FUCKGITHUBS commented 3 years ago

FUCKGITHUBS · Answer 6 · Tue Feb 01 2022 20:39:57 GMT+0800 (China Standard Time)

??

…

Message ID: ***@***.*** com>

OVERPEY · Answer 7 · Sat Sep 03 2022 20:42:09 GMT+0800 (China Standard Time)

how to get free trial on this service ?

Human · Answer 8 · Wed Nov 01 2023 12:05:03 GMT+0800 (China Standard Time)

Hi I have takeover the a acquia cloud subdomain of Starbucks where I get $640 because the domain was disconnected after free trial so only $640 it is a vulnerable subdomain you can use whatweb tool to see the vulnerable if the content has Acquia HTML install
something like this then it is 100% vulnerable one
Here is one hackerone disclosed report mine report was not published now but there is one

https://hackerone.com/reports/874482

Philippe Delteil · Answer 9 · Thu Jan 04 2024 07:42:25 GMT+0800 (China Standard Time)

Hi I have takeover the a acquia cloud subdomain of Starbucks where I get $640 because the domain was disconnected after free trial so only $640 it is a vulnerable subdomain you can use whatweb tool to see the vulnerable if the content has Acquia HTML install something like this then it is 100% vulnerable one Here is one hackerone disclosed report mine report was not published now but there is one

https://hackerone.com/reports/874482

This is just a dangling subdomain not a takeover.