EdOverflow / can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.


Subdomain Takeover via HubSpot

m7mdharoun opened this issue

HubSpot

Proof

Example of https://hackerone.com/reports/38007

Doc

I did the same takeover in the last 2 days, so the vulnerability still exists.

@m7mdharoun I'm pretty familiar with this one and somewhat doubt your claim. Could you please provide a link to your more recent issue (if disclosed) or at minimum some further information?

@codingo I've disclosed the bug report, but without the permission of PayPal, so someone reported it to HackerOne Support and they warned me. PoC here:
[image: hubspot]

Fingerprint: Domain Not found
[image: hubspot finger]

Excellent, thank you for the prompt response. I'll update the repo shortly.

@codingo Please check your Twitter messages; I've sent you the PoC link.

Hi, another example here:

https://hackerone.com/reports/407355

(He didn't say it was "Hubspot", but he said "this report is same as of this one:- https://hackerone.com/reports/38007")

Here is a recent example, but it contains few details about the PoC: https://hackerone.com/reports/335330

Both examples above were reports written 2 years ago, but disclosed recently.

@soareswallace Ah yes, I had overlooked that. Thanks.

This is no longer possible.

Hello, I discovered a domain connected to HubSpot, but when I register it, the domain I want to take over requests verification. Is it still vulnerable or not?