Skip to content

Commit

Permalink
Merge pull request EdOverflow#141 from adiffpirate/master
Browse files Browse the repository at this point in the history 
New services and some fixes
  • Loading branch information
@codingo
codingo authored Apr 12, 2020
2 parents f041c1b + fd5ae54 commit 34ccdbd
Showing 1 changed file with 10 additions and 5 deletions.
15 changes: 10 additions & 5 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,16 +36,18 @@ A list of services that can be checked (although check for duplicates against th
Engine | Status | Fingerprint | Discussion | Documentation
--------------------------------------------- | -------------- | ----------------------------------------------------------------------- | ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------
Airee.ru | Vulnerable | | [Issue #104](https://github.com/EdOverflow/can-i-take-over-xyz/issues/104) |
Anima | Vulnerable | `If this is your website and you've just created it, try refreshing in a minute` | [Issue #126](https://github.com/EdOverflow/can-i-take-over-xyz/issues/126) | [Anima Documentation](https://docs.animaapp.com/v1/launchpad/08-custom-domain.html)
Akamai | Not vulnerable | | [Issue #13](https://github.com/EdOverflow/can-i-take-over-xyz/issues/13) |
AWS/S3 | Vulnerable | `The specified bucket does not exist` | [Issue #36](https://github.com/EdOverflow/can-i-take-over-xyz/issues/36)
Bitbucket | Vulnerable | `Repository not found` |
Campaign Monitor | Vulnerable | 'Trying to access your account?' | | [Support Page](https://help.campaignmonitor.com/custom-domain-names)
Campaign Monitor | Vulnerable | `Trying to access your account?` | | [Support Page](https://help.campaignmonitor.com/custom-domain-names)
Cargo Collective | Vulnerable | `404 Not Found` | | [Cargo Support Page](https://support.2.cargocollective.com/Using-a-Third-Party-Domain)
Cloudfront | Not vulnerable | ViewerCertificateException | [Issue #29](https://github.com/EdOverflow/can-i-take-over-xyz/issues/29) | [Domain Security on Amazon CloudFront](https://aws.amazon.com/blogs/networking-and-content-delivery/continually-enhancing-domain-security-on-amazon-cloudfront/)
Desk | Not vulnerable | `Please try again or try Desk.com free for 14 days.` | [Issue #9](https://github.com/EdOverflow/can-i-take-over-xyz/issues/9)
Digital Ocean | Vulnerable | Domain uses DO name serves with no records in DO. | | |
Fastly | Edge case | `Fastly error: unknown domain:` | [Issue #22](https://github.com/EdOverflow/can-i-take-over-xyz/issues/22)
Feedpress | Vulnerable | `The feed has not been found.` | [HackerOne #195350](https://hackerone.com/reports/195350)
Firebase | Not vulnerable | | [Issue #128](https://github.com/EdOverflow/can-i-take-over-xyz/issues/128) |
Fly.io | Vulnerable | `404 Not Found` | [Issue #101](https://github.com/EdOverflow/can-i-take-over-xyz/issues/101)
Freshdesk | Not vulnerable | || [Freshdesk Support Page](https://support.freshdesk.com/support/solutions/articles/37590-using-a-vanity-support-url-and-pointing-the-cname)
Ghost | Vulnerable | `The thing you were looking for is no longer here, or never was` |
Expand All @@ -56,28 +58,31 @@ HatenaBlog | vulnerable | `404 Blog is not found`
Help Juice | Vulnerable | `We could not find what you're looking for.` | | [Help Juice Support Page](https://help.helpjuice.com/34339-getting-started/custom-domain)
Help Scout | Vulnerable | `No settings were found for this company:` | | [HelpScout Docs](https://docs.helpscout.net/article/42-setup-custom-domain)
Heroku | Edge case | `No such app` | [Issue #38](https://github.com/EdOverflow/can-i-take-over-xyz/issues/38)
Instapage | Not vulnerable | | [Issue #73](https://github.com/EdOverflow/can-i-take-over-xyz/issues/73) | |
Intercom | Vulnerable | `Uh oh. That page doesn't exist.` | [Issue #69](https://github.com/EdOverflow/can-i-take-over-xyz/issues/69) | [Help center](https://www.intercom.com/help/)
JetBrains | Vulnerable | `is not a registered InCloud YouTrack` | | [YouTrack InCloud Help Page](https://www.jetbrains.com/help/youtrack/incloud/Domain-Settings.html)
Key CDN | Not Vulnerable | | [Issue #112](https://github.com/EdOverflow/can-i-take-over-xyz/issues/112) |
Key CDN | Not vulnerable | | [Issue #112](https://github.com/EdOverflow/can-i-take-over-xyz/issues/112) |
Kinsta | Vulnerable | `No Site For Domain` |[Issue #48](https://github.com/EdOverflow/can-i-take-over-xyz/issues/48) | [kinsta-add-domain](https://kinsta.com/knowledgebase/add-domain/)
LaunchRock | Vulnerable | `It looks like you may have taken a wrong turn somewhere. Don't worry...it happens to all of us.` |[Issue #74](https://github.com/EdOverflow/can-i-take-over-xyz/issues/74) |
Mashery | Edge Case | `Unrecognized domain` | [HackerOne #275714](https://hackerone.com/reports/275714), [Issue #14](https://github.com/EdOverflow/can-i-take-over-xyz/issues/14)
Microsoft Azure | Vulnerable | | [Issue #35](https://github.com/EdOverflow/can-i-take-over-xyz/issues/35) |
Netlify | Edge Case | | [Issue #40](https://github.com/EdOverflow/can-i-take-over-xyz/issues/40) |
Ngrok | Vulnerable | `Tunnel *.ngrok.io not found` | [Issue #92](https://github.com/EdOverflow/can-i-take-over-xyz/issues/92) | [Ngrok Documentation](https://ngrok.com/docs#http-custom-domains)
Pantheon | Vulnerable | `404 error unknown site!` |[Issue #24](https://github.com/EdOverflow/can-i-take-over-xyz/issues/24) | [Pantheon-Sub-takeover](https://medium.com/@hussain_0x3c/hostile-subdomain-takeover-using-pantheon-ebf4ab813111)
Readme.io | Vulnerable | `Project doesnt exist... yet!` | [Issue #41](https://github.com/EdOverflow/can-i-take-over-xyz/issues/41)
Sendgrid | Not vulnerable | |
Shopify | Edge Case | `Sorry, this shop is currently unavailable.` |[Issue #32](https://github.com/EdOverflow/can-i-take-over-xyz/issues/32), [Issue #46](https://github.com/EdOverflow/can-i-take-over-xyz/issues/46)| [Medium Article](https://medium.com/@thebuckhacker/how-to-do-55-000-subdomain-takeover-in-a-blink-of-an-eye-a94954c3fc75)
SmartJobBoard | Vulnerable | `This job board website is either expired or its domain name is invalid.` | [Issue #139](https://github.com/EdOverflow/can-i-take-over-xyz/issues/139) | [Support Page](https://help.smartjobboard.com/en/articles/1269655-connecting-a-custom-domain-name)
Squarespace | Not vulnerable | |
Statuspage | Vulnerable | Visiting the subdomain will redirect users to https://www.statuspage.io. | [PR #105](https://github.com/EdOverflow/can-i-take-over-xyz/pull/105) | [Statuspage documentation](https://help.statuspage.io/knowledge_base/topics/domain-ownership) |
Strikingly | Vulnerable | `page not found` |[Issue #58](https://github.com/EdOverflow/can-i-take-over-xyz/issues/58) | [Strikingly-Sub-takeover](https://medium.com/@sherif0x00/takeover-subdomains-pointing-to-strikingly-5e67df80cdfd)
Surge.sh | Vulnerable | `project not found` || [Surge Documentation](https://surge.sh/help/adding-a-custom-domain)
Tumblr | Edge Case | `Whatever you were looking for doesn't currently exist at this address` |
Tilda | Edge Case | `Please renew your subscription` | [PR #20](https://github.com/EdOverflow/can-i-take-over-xyz/pull/20)
Unbounce | Not vulnerable | `The requested URL was not found on this server.` | [Issue #11](https://github.com/EdOverflow/can-i-take-over-xyz/issues/11)
Unbounce | Edge Case | `The requested URL was not found on this server.` | [Issue #11](https://github.com/EdOverflow/can-i-take-over-xyz/issues/11)
Uptimerobot | Vulnerable | `page not found` |[Issue #45](https://github.com/EdOverflow/can-i-take-over-xyz/issues/45) | [Uptimerobot-Sub-takeover](https://exploit.linuxsec.org/uptimerobot-com-custom-domain-subdomain-takeover/)
UserVoice | Vulnerable | `This UserVoice subdomain is currently available!` |
Webflow | Edge Case | |[Issue #44](https://github.com/EdOverflow/can-i-take-over-xyz/issues/44) |[forum webflow](https://forum.webflow.com/t/hosting-a-subdomain-on-webflow/59201)
Webflow | Edge Case | `The page you are looking for doesn't exist or has been moved.` |[Issue #44](https://github.com/EdOverflow/can-i-take-over-xyz/issues/44) |[forum webflow](https://forum.webflow.com/t/hosting-a-subdomain-on-webflow/59201)
Wordpress | Vulnerable | `Do you want to register *.wordpress.com?` |
WP Engine | Not vulnerable | |
Zendesk | Not Vulnerable | `Help Center Closed` | [Issue #23](https://github.com/EdOverflow/can-i-take-over-xyz/issues/23) | [Zendesk Support](https://support.zendesk.com/hc/en-us/articles/203664356-Changing-the-address-of-your-Help-Center-subdomain-host-mapping-)
Zendesk | Not vulnerable | `Help Center Closed` | [Issue #23](https://github.com/EdOverflow/can-i-take-over-xyz/issues/23) | [Zendesk Support](https://support.zendesk.com/hc/en-us/articles/203664356-Changing-the-address-of-your-Help-Center-subdomain-host-mapping-)

0 comments on commit 34ccdbd

Please sign in to comment.