Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Subdomain takeover via Helprace #115

Open
Spam404 opened this issue Sep 17, 2019 · 1 comment
Open

Subdomain takeover via Helprace #115

Spam404 opened this issue Sep 17, 2019 · 1 comment
Labels
vulnerable Someone has provided proof in the issue ticket that one can hijack subdomains on this service.

Comments

@Spam404
Copy link

Spam404 commented Sep 17, 2019

Service name

Helprace

Fingerprint

Alias not configured!
Admin of this Helprace account needs to set up domain alias
(see Step 2 here: Using your own domain with Helprace).

helprace

Proof

Helprace

Documentation

CNAME = *.helprace.com
@EdOverflow EdOverflow added the vulnerable Someone has provided proof in the issue ticket that one can hijack subdomains on this service. label May 18, 2020
Closed
@TheTechromancer
Copy link
Contributor

The fingerprint appears to have changed. Unclaimed subdomains now respond with a 301 redirect to https://helprace.com.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
vulnerable Someone has provided proof in the issue ticket that one can hijack subdomains on this service.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@EdOverflow @TheTechromancer @Spam404