EdOverflow/can-i-take-over-xyz

Cargo Collective Subdomain Takeover

z3dc0ps opened this issue · 15 comments

Some Help with Cargo Collective Subdomain Takeover

404 not found how i taken subdomain

Hi
How can we take over a cargocollective subdomain?
Any resource?
I have found 3 subdomains that point to cargocollective.

Hi
I found a 404 NOT FOUND error. How do I take over the subdomain?

Bro, how to take over a Cargo subdomain? I got an error, please answer me bro.

  1. I tried to sign up on https://cargo.site/
  2. Selected a new template for my site and entered a random.cargo.site
  3. On my website editor page, clicked on Settings button and selected Connect and Existing Domain Name.
  4. However, my target was not vulnerable as after entering my target domain name as custom domain, it showcased - Domain name already in use by blah blah site error.

Hope this helps in case this is the right method.

Can anyone help with the Cargo Collective subdomain?

  1. I tried to sign up on https://cargo.site/
  2. Selected a new template for my site and entered a random.cargo.site
  3. On my website editor page, clicked on Settings button and selected Connect and Existing Domain Name.
  4. However, my target was not vulnerable as after entering my target domain name as custom domain, it showcased - Domain name already in use by blah blah site error.

Hope this helps in case this is the right method.

I think cargo collective needs payment before you can add a domain

The problem is with the DNS configuration. After you purchase the service and buy a subscription, you have to point the subdomain to your PoC page that you created on Cargo, which you can't do because you don't have access to the DNS configuration of the subdomain, or that's what I think? Correct me if I am wrong!

Thanks for your reply. I deleted my previous comment, because I did not want to spam/trash this comment section. What happened is that subzy tool reported a false positive cargo domain/subdomain which after checking DNS records is not. But what concerns me is how this happened (the false positive). How did the signature match with this subdomain? I believe that the signature is wrong. Maybe Cargo changed it...

It was asking for payments to add an existing domain.

This reply is for you >> ghbfgb
Yes, I know that, and I purchased the subscription and I was able to add the subdomain, but there is a problem because you want the subdomain to point to the Cargo URL, which you need to do through DNS config, and to be able to control that, and you can't since you don't really own this subdomain and there is no way you can control that.

Don't use that tool for subdomain takeovers, use nuclei templates, much easier to detect false positives.

On Sat, Aug 31, 2024, 13:36 Nikos Dalezios wrote: Thanks for your reply. I deleted my previous comment, because I did not want to spam/trash this comment section. What happened is that subzy tool reported a false positive cargo domain/subdomain which after checking DNS records is not. But what concerns me is how this happened (the false positive). How did the signature match with this subdomain?

Thanks for the NUCLEI suggestion!

Is this available now, I got a subdomain but it's asking for $17/year if I buy it, is it a Takeover or does it ask for TXT?

Is there any way to verify the bug for a PoC without buying the Cargo Collective?