Giters

EdOverflow / can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Subdomain Takeover Possible via Landingi

messi96 opened this issue · comments

commented

Service name

Landingi

Proof

Landingi is Vulnerable to Subdomain Takeover
If you get an Error Similar to this one

Fingerprint

  1. Create a new account get a free one for 14 days
  2. Create your own template ( landing page ) for the PoC similar to
$ cat aelfjj1or81uegj9ea8z31zro.html
<!-- PoC by username -->
  1. Add the subdomain under Domains in the left pane.
  2. Subdomain gets successfully verified if it is unclaimed or has dangling CNAME records ( cname.landingi.com. )
  3. On the selected landing page click MORE “...” to expand the list of available actions
  4. Select “PUBLISHING OPTIONS” on the dropdown And then “CHANGE URL” if you want to.
  5. Choose your domain from the list and add a path to it if needed.
  6. Save changes & Publish!
  7. Enjoy your leads.

Documentation

https://landingi.com/knowledge-base

Thanks :)

commented

Hello Is this case still vulnerable ?

commented

This is an edge case. Needs to be verified manually

image

image

commented

image
this is error from landingi to?

commented

@adityathebe Is there a way to bypass it ?

commented

I confirm is not possible to take over the subdomains.