EdOverflow/can-i-take-over-xyz

Ghost subdomain takeover not possible on 404: Page Not Found The thing you were looking for is no longer here, or never was

gujjuboy10x00 opened this issue · 4 comments

Service name

A takeover is only possible if http://vulnerabledomain.ghost.io/ghost/#/signin redirects to https://offline.ghost.org/#/signin (where vulnerabledomain is the vulnerable host, like adminpatel, etc.).

Proof

Go to https://adminpatel.ghost.org/ghost/#/signin and take it over.

Hello, good afternoon!!

Is this acquisition still possible?

YES, I CONFIRM the acquisition is possible!

domain.com is an alias for xxxxx.ghost.io.


In the case I was testing it was not possible; here is the detail:

target.domain.com is an alias for target2.ghost.io

I tried to create an account/site using target2, but it was created as target2-2. And when I tried to change it manually, it displayed an error message to contact support.


First you create a common site; there you will get a pseudonym from them.

Then, in the account, you change it.

https://medium.com/@kauenavarro/bug-bounty-subdomain-takeover-in-target-cname-ghost-io-e5c601a2dd55

So if your case was not the same as mine in terms of configuration within the platform by the target host.

But see my article if it helps you understand the process.