Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Is uservoice subdomain takeover possible? #163

Open
1nc0gn170 opened this issue Aug 21, 2020 · 4 comments
Open

Is uservoice subdomain takeover possible? #163

1nc0gn170 opened this issue Aug 21, 2020 · 4 comments
Labels
not vulnerable Someone has made it very clear that this service is not vulnerable to subdomain takeovers.

Comments

@1nc0gn170
Copy link

I have found a program where website its response is 404 and Its Cname is pointing to uservoice.com.
I didn't find any registration portal for that site.

;; ANSWER SECTION:
mywebsite.com. 299 IN	CNAME	mywesbsite.uservoice.com.

Screenshot from 2020-08-21 14-44-19

Anyone Help me please

@HammyHavoc
Copy link

HammyHavoc commented Jan 20, 2021

Wondering this myself as a former UserVoice user. CC @austintaylor @attack7 @hoffoo

@hoffoo
Copy link

hoffoo commented Jan 21, 2021

@n41n4 @HammyHavoc

It is not possible - subdomain cnames are unique and cannot be reused

@HammyHavoc
Copy link

@n41n4 @HammyHavoc

It is not possible - subdomain cnames are unique and cannot be reused

Thanks for that! Thought as much. I had somebody reach out asking for a bug bounty reward in exchange for this "information".

@EdOverflow EdOverflow added the not vulnerable Someone has made it very clear that this service is not vulnerable to subdomain takeovers. label Feb 3, 2021
@pdelteil
Copy link
Contributor

pdelteil commented Dec 6, 2022

More info https://hackerone.com/reports/269109

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
not vulnerable Someone has made it very clear that this service is not vulnerable to subdomain takeovers.
Projects
None yet
Development

No branches or pull requests

5 participants