Subdomain Takeover via HubSpot #59

Open
m7mdharoun opened this issue Oct 20, 2018 · 10 comments

@m7mdharoun

HubSpot

Proof

Example of https://hackerone.com/reports/38007

Doc

I did the same takeover in the last 2 days, so the vulnerability still exists.

@m7mdharoun m7mdharoun changed the title from "Subdomain Takeover Via HubSpot" to "Subdomain Takeover via HubSpot" Oct 20, 2018
@codingo
Collaborator

codingo commented Nov 12, 2018

@m7mdharoun I'm pretty familiar with this one and somewhat doubt your claim. Could you please provide a link to your more recent issue (if disclosed) or at minimum some further information?

@codingo codingo self-assigned this Nov 12, 2018
@m7mdharoun
Author

m7mdharoun commented Nov 12, 2018

@codingo I've disclosed the bug report, but without the permission of PayPal, so someone reported it to HackerOne Support and they warned me. PoC here:
[image: hubspot]

FingerPrint : Domain Not found
[image: hubspot finger]

@codingo
Collaborator

codingo commented Nov 13, 2018

Excellent, thank you for the prompt response. I'll update the repo shortly.

@m7mdharoun
Author

@codingo Please check your Twitter messages; I've sent you the PoC link.

@alanbriangh

alanbriangh commented Mar 6, 2020

Hi, another example here:

https://hackerone.com/reports/407355

(He didn't say it was "Hubspot", but he said "this report is same as of this one:- https://hackerone.com/reports/38007")

@jub0bs

jub0bs commented May 11, 2020

Here is a recent example, but it contains few details about the PoC: https://hackerone.com/reports/335330

@soareswallace

Both examples above were reports written 2 years ago, but disclosed recently.

@jub0bs

jub0bs commented May 11, 2020

@soareswallace Ah yes, I had overlooked that. Thanks.

@rohan-birtia

This is no longer possible.
[image]

@hellsing032

Hello, I discovered a domain connected to HubSpot, but when I register it, the domain I want to take over requests verification. Is it still vulnerable or not?
