test for js takeover
SimonGurney opened this issue · 1 comments
SimonGurney commented
There is a takeover vector which doesn't get as much love, which is when the website resolves and provides a web response but includes a js file from an old unregistered domain. If we register the domain, we can provide our own JS file and execute arbitrary JavaScript on the page. This leads to full website takeover via redirect etc.
I think we can parse out the js files using Beautiful Soup.
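Added example, not part of the original issue or the project's code: a dependency-free audit of a page you operate that lists every third-party `<script src>` host and flags hosts that no longer resolve or that load without Subresource Integrity. It uses the standard library's `html.parser` in place of Beautiful Soup; the page URL, HTML, host names and the `resolves` callback are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class ScriptCollector(HTMLParser):
    """Collects (src, has_integrity) for every <script src=...> plus the first <base href>."""
    def __init__(self):
        super().__init__()
        self.scripts, self.base = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href") and self.base is None:
            self.base = a["href"]
        elif tag == "script" and a.get("src"):
            self.scripts.append((a["src"].strip(), bool(a.get("integrity"))))

def external_scripts(page_url, html):
    """Return (absolute_url, host, has_sri) for scripts served from another host."""
    p = ScriptCollector()
    p.feed(html)
    base = urljoin(page_url, p.base) if p.base else page_url
    page_host = urlsplit(page_url).hostname
    out = []
    for src, has_sri in p.scripts:
        url = urljoin(base, src)          # handles relative and //host/path forms
        host = urlsplit(url).hostname     # lower-cased; None for data: URLs
        if host and host != page_host:
            out.append((url, host, has_sri))
    return out

def audit(page_url, html, resolves):
    """resolves(host) -> bool is supplied by the caller (e.g. a DNS lookup).
    'unresolved' is only a lead: DNS failure alone does not prove the domain
    is unregistered, so confirm ownership before acting on it."""
    report = []
    for _url, host, has_sri in external_scripts(page_url, html):
        status = "unresolved" if not resolves(host) else ("ok" if has_sri else "no-sri")
        report.append((host, status))
    return report

# Constructed sample input (reserved .example names, not real sites).
PAGE_URL = "https://www.shop.example/"
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="//cdn.vendor.example/lib.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://old-widgets.example/w.js"></script>
<script src="HTTPS://Stats.Partner.example/t.js"></script>
<script>var inline = 1;</script>
</head></html>"""
KNOWN_HOSTS = {"cdn.vendor.example", "stats.partner.example"}  # stand-in for DNS
```

An `unresolved` host is a candidate for removing the include or re-securing the domain; a `no-sri` host is one where pinning the file with an `integrity` attribute would stop a changed script from executing.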
SimonGurney commented
Yeah so this is prone to false positives and hugely slow. I tested the project discovery domains and found nothing genuine, closing this down.