
Readme.io proofs #41

Closed
PatrikHudak opened this issue Sep 15, 2018 · 1 comment
Labels
vulnerable Someone has provided proof in the issue ticket that one can hijack subdomains on this service.

Comments

@PatrikHudak

Service name

Readme.io (https://readme.io/)

Proof

The subdomains reside on *.readme.io. It is a classic virtual hosting scenario like in other similar services.

To verify whether subdomain takeover may be possible, run:

http -b GET http://{DOMAIN NAME} | grep -F -q "Project doesnt exist... yet!" && echo "Subdomain takeover may be possible" || echo "Subdomain takeover is not possible"

(Assuming you have a Readme.io account created.)

  1. Go to the dashboard.
  2. Set Project Name and its subdomain. The subdomain does not need to match the domain you are trying to take over.
  3. In the left sidebar, go to General Settings -> Custom Domain.
  4. Set Custom domain to the domain you want to take over.
  5. Click Save.

Documentation

https://readme.readme.io/docs/setting-up-custom-domain
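The fingerprint check above turned into a zone audit, as an added example that is not part of the issue: it pulls CNAME records out of a BIND-style zone export, keeps those pointing at readme.io, fetches each hostname and flags the ones whose response carries the "Project doesnt exist... yet!" string. The zone lines, hostnames and HTTP bodies are constructed so it runs offline; `fetch_body` does a live request only when no fake fetcher is supplied.

```python
# Added example (not from the issue): find readme.io CNAMEs in your own zone
# whose project no longer exists, using the fingerprint quoted in the issue.
import re
import urllib.request

FINGERPRINT = "Project doesnt exist... yet!"  # string quoted in the issue
READMEIO_SUFFIX = ".readme.io"

# Constructed zone export (name, TTL, class, type, target)
ZONE = """
docs.example.com.   300 IN CNAME  acme-docs.readme.io.
api.example.com.    300 IN CNAME  api-gw.example.net.
help.example.com.   300 IN CNAME  oldproject.readme.io.
"""

# Constructed HTTP bodies standing in for live fetches, keyed by hostname
FAKE_RESPONSES = {
    "docs.example.com": "<html><title>Acme Docs</title></html>",
    "help.example.com": "<html>Project doesnt exist... yet!</html>",
}

def parse_cnames(zone_text):
    """Return [(name, target)] for every CNAME record in the zone export."""
    pat = re.compile(r"^(\S+)\s+\d+\s+IN\s+CNAME\s+(\S+)\s*$", re.M)
    return [(n.rstrip("."), t.rstrip(".")) for n, t in pat.findall(zone_text)]

def points_to_readmeio(target):
    return target.lower().endswith(READMEIO_SUFFIX)

def fetch_body(host, timeout=10):
    """Live fetch over plain HTTP, as the issue's one-liner does."""
    with urllib.request.urlopen("http://%s/" % host, timeout=timeout) as r:
        return r.read().decode("utf-8", "replace")

def audit(zone_text, fetch=fetch_body):
    """Return [(name, target, status)] for each CNAME that points at readme.io."""
    findings = []
    for name, target in parse_cnames(zone_text):
        if not points_to_readmeio(target):
            continue  # other providers need their own fingerprints
        try:
            body = fetch(name)
        except Exception as exc:
            findings.append((name, target, "fetch-error: %s" % exc))
            continue
        status = "UNCLAIMED (dangling)" if FINGERPRINT in body else "claimed"
        findings.append((name, target, status))
    return findings

if __name__ == "__main__":
    for finding in audit(ZONE, fetch=FAKE_RESPONSES.__getitem__):
        print(*finding)
```

A record reported as UNCLAIMED should be removed from the zone or re-attached to a project you control before anyone else registers that custom domain.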

EdOverflow added the vulnerable label Sep 17, 2018
@codingo
Collaborator

codingo commented Oct 15, 2018

Closed via #55
