leadpages-takeover: Leadpages takeover detection

id: leadpages-takeover

info:
  name: Leadpages takeover detection
  author: philippedelteil,mielverkerken
  severity: high
  description: Leadpages takeover was detected.
  reference:
    - https://www.youtube.com/watch?v=HRFplefT46U
    - https://github.com/EdOverflow/can-i-take-over-xyz/issues/166
    - https://github.com/PushpenderIndia/subdover/issues/2
  metadata:
    max-request: 1
  tags: takeover,leadpages,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - Host != ip

      - type: word
        words:
          - <h2 class="lp-headline text-align-center subhead">This page couldn't be found, so let's get you turned around!</h2>
          - "The page you're looking for may have moved."
          - "Double check that you have the right web address and give it another go!"
        condition: or

    extractors:
      - type: dsl
        dsl:
          - cname
# digest: 4b0a00483046022100bc0967df6b5a6e5ef39c64ad4449310e75f311f57a49da8fe19bb0971f54e02d022100c6dfc5f4fba341aab0e37b55863603bbefa2e875cd5200fa1cae2ab171fb56ca:922c64590222798bb761d5b6d8e72950