github-takeover: Github Takeover Detection

Date: 2025-08-01 | Affected software: Github Takeover | PoC: public

Vulnerability description

Github takeover was detected.

PoC code [public]

id: github-takeover

info:
  name: Github Takeover Detection
  author: pdteam,th3r4id
  severity: high
  description: Github takeover was detected.
  reference:
    - https://github.com/EdOverflow/can-i-take-over-xyz
  metadata:
    max-request: 1
  tags: takeover,github,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - Host != ip

      - type: word
        words:
          - "There isn't a GitHub Pages site here."
          - "For root URLs (like http://example.com/) you must provide an index.html file"
          - "The site configured at this address does not contain the requested file."
          - "For root URLs (like <code>http://example.com/</code>)"
        condition: or

      - type: dsl
        dsl:
          - '!contains(host,"githubapp.com")'
          - '!contains(host,"github.com")'
          - '!contains(host,"github.io")'
        condition: and

    extractors:
      - type: dsl
        dsl:
          - cname
# digest: 490a0046304402205c3279945a443431a576c93c47eb72337fd305d4626108139f47d1b234ba4cc402202cafff4a169252400436017b9dfcf9d1e5e24cbca031ae0cb9e32bf80672b389:922c64590222798bb761d5b6d8e72950
