Subdomain Takeover through Kinsta

Question

Subdomain Takeover through Kinsta

Avileox opened this issue 6 years ago · 7 comments

Avileox commented 6 years ago

Service name

Kinsta

Website

https://kinsta.com/

Credential

Condition

Subdomain takeover through Kinsta is possible but for creating POC you need a paid account because kinsta need a paid account for creating subdomains and using web hosting through kinsta.

Answer 1 · 2018-10-18T07:08:45.000Z

@Cyberdolt have you performed one of these already or do you have a reference writeup so I can add this to the main repository?

Answer 2 · 2018-10-20T05:22:29.000Z

I reported this issue but the organization didn't fix the issue yet so, I am waiting for them to resolve after that I will provide the full description.

Answer 3 · 2019-05-03T21:54:23.000Z

@Avileox
How it possible to take a subdomain over as long as it has an A record for a kinsta dedicated IP ?

Answer 4 · 2019-05-04T04:44:10.000Z

Most Probably, It is impossible to takeover subdomain with A record through Kinsta.
Here is the response from kinsta for orphan CNAME.
404 Not Found
Content-Length=[33604]
Server = kinsta-nginx

Answer 5 · 2019-05-04T05:01:06.000Z

I met the same response with an A record

Answer 6 · 2020-07-04T12:48:20.000Z

So does that mean, if a vulnerable subdomain has the A record pointing to an IP, it's impossible to takeover the subdomain?

Answer 7 · 2021-09-09T13:59:56.000Z

This is no longer possible, requires TXT verification.