Giters

EdOverflow / can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Subdomain takeover using https://tilda.cc/

m0ns7er opened this issue · comments

commented

Service name

https://tilda.cc/

Proof

https://hackerone.com/reports/894657

Documentation

Subdomains which are pointing to tilda.cc,and has a unclaimed DNS record are vulnerable for subdomain-takeover.

Reference

https://help.tilda.ws/customdomain#:~:text=Navigate%20to%20the%20Site%20Settings,in%20the%20right%20upper%20corner.

commented

I just took over one Tilda domain.

This is the error message

Screenshot from 2021-04-03 23-12-39

commented

I found one with another error message

"Please renew your subscription". In this case is not possible to take over the subdomain.

Screenshot from 2021-05-06 23-26-58