Subdomain Takeover possible through Webflow ?

rat

 
Registered
Joined
Dec 15, 2019
Messages
6
Points
3
I found a wasted subdomain.
Page return "Fastly error: unknown domain: domainxyz.com. Please check that this domain has been added to a service. "
Subdomain takeover possible through Webflow ?
 

numaN

Growth Hacker
Staff member
Administrator
Joined
Sep 11, 2019
Messages
46
Points
18
You should create a Fastly account and try it. Sometimes you can get this error:
"Domain 'xxx.com' is already taken by another customer"

It may change. Possible and sometimes not possible. :)
 

rat

 
Registered
Joined
Dec 15, 2019
Messages
6
Points
3
I appreciate your quick answer, nice platform. This platform is promising future.
 

numaN

Growth Hacker
Staff member
Administrator
Joined
Sep 11, 2019
Messages
46
Points
18
Hope so. :) You can join our Telegram channel to get quicker answers.
I appreciate your quick answer, nice platform. This platform is promising future.
 
  • Like
Reactions: rat

rat

 
Registered
Joined
Dec 15, 2019
Messages
6
Points
3
@numaN
So how do I test this subdomain? Eg; world.wideweb.com
Fasty only allows me to control the primary domain names. Eg; wideweb.com
I'm new to this business, please warn me if my questions are unsatisfactory :)
 

numaN

Growth Hacker
Staff member
Administrator
Joined
Sep 11, 2019
Messages
46
Points
18
Let you take a look it. :)

@numaN
So how do I test this subdomain? Eg; world.wideweb.com
Fasty only allows me to control the primary domain names. Eg; wideweb.com
I'm new to this business, please warn me if my questions are unsatisfactory :)
 
  • Like
Reactions: rat

rat

 
Registered
Joined
Dec 15, 2019
Messages
6
Points
3
This was pretty obvious :)
The result was frustration for "worldcup.fortnite.com"(yes i am tried this) :)
Thank you again for your return.
 

numaN

Growth Hacker
Staff member
Administrator
Joined
Sep 11, 2019
Messages
46
Points
18
If you got "Domain 'xxx.com' is already taken by another customer" error, try for another subdomains bro. Seems like impossible.
 

rat

 
Registered
Joined
Dec 15, 2019
Messages
6
Points
3
I'm constantly bothering you, but how can we know which domain is pointing to which service?
So how do I know which service to try to inherit from subdomains?
 

numaN

Growth Hacker
Staff member
Administrator
Joined
Sep 11, 2019
Messages
46
Points
18
If your subdomain is blog.hackking.net, run this command in your Linux terminal:
dig blog.hackking.net
This command will show you DNS records. So you can see which provider hosting the blog.
But I could not understand your second question.
Note: If you find a vulnerability, go and directly report it. It is the purpose of the tool. :)
I'm constantly bothering you, but how can we know which domain is pointing to which service?
So how do I know which service to try to inherit from subdomains?
 
  • Like
Reactions: rat

rat

 
Registered
Joined
Dec 15, 2019
Messages
6
Points
3
For example. "mail.example.com" how can I get this if the domain name is not taken. I ran a CNAME query using the dig command. But I still don't know exactly how things work.

I appreciate your patience.
 

numaN

Growth Hacker
Staff member
Administrator
Joined
Sep 11, 2019
Messages
46
Points
18
If this subdomain is vulnerable to takeover, you will see a result like:
==== POSSIBLE TAKEOVER VULNERABILITY DETECTED ====
error in the page. Let you send me PM, I will give you a demo site to show you how it actually work.
For example. "mail.example.com" how can I get this if the domain name is not taken. I ran a CNAME query using the dig command. But I still don't know exactly how things work.

I appreciate your patience.
 
Top