Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Subdomain Takeover through Kinsta #48

Open
Avileox opened this issue Oct 3, 2018 · 7 comments
Open

Subdomain Takeover through Kinsta #48

Avileox opened this issue Oct 3, 2018 · 7 comments
Labels
vulnerable Someone has provided proof in the issue ticket that one can hijack subdomains on this service.

Comments

@Avileox
Copy link
Contributor

Avileox commented Oct 3, 2018

Service name

Kinsta

Website

https://kinsta.com/

Credential

screenshot 45 _li

Condition

Subdomain takeover through Kinsta is possible but for creating POC you need a paid account because kinsta need a paid account for creating subdomains and using web hosting through kinsta.
@codingo codingo added the vulnerable Someone has provided proof in the issue ticket that one can hijack subdomains on this service. label Oct 14, 2018
@codingo
Copy link
Collaborator

codingo commented Oct 18, 2018

@Cyberdolt have you performed one of these already or do you have a reference writeup so I can add this to the main repository?

@Avileox
Copy link
Contributor Author

Avileox commented Oct 20, 2018

I reported this issue but the organization didn't fix the issue yet so, I am waiting for them to resolve after that I will provide the full description.

@itachi73
Copy link

itachi73 commented May 3, 2019

@Avileox
How it possible to take a subdomain over as long as it has an A record for a kinsta dedicated IP ?

@Avileox
Copy link
Contributor Author

Avileox commented May 4, 2019

Most Probably, It is impossible to takeover subdomain with A record through Kinsta.
Here is the response from kinsta for orphan CNAME.
404 Not Found
Content-Length=[33604]
Server = kinsta-nginx

@itachi73
Copy link

itachi73 commented May 4, 2019

I met the same response with an A record

@sumgr0
Copy link

sumgr0 commented Jul 4, 2020

So does that mean, if a vulnerable subdomain has the A record pointing to an IP, it's impossible to takeover the subdomain?

Closed
@m0chan
Copy link

m0chan commented Sep 9, 2021

This is no longer possible, requires TXT verification.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
vulnerable Someone has provided proof in the issue ticket that one can hijack subdomains on this service.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@codingo @sumgr0 @itachi73 @Avileox @m0chan