meteor-takeover: Meteor subdomain takeover

日期: 2025-08-01 | 影响软件: Meteor | POC: 已公开

漏洞描述

Meteor takeover was detected.

PoC代码[已公开]

id: meteor-takeover

info:
  name: Meteor subdomain takeover
  author: rivalsec
  severity: high
  description: Meteor takeover was detected.
  reference:
    - https://rivalsec.github.io/blog/2022/12/02/meteor.html
    - https://github.com/EdOverflow/can-i-take-over-xyz/issues/321
  metadata:
    max-request: 1
  tags: takeover,meteor,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: word
        words:
          - "404 Not Found: No applications registered for host '"

    extractors:
      - type: dsl
        dsl:
          - cname
# digest: 4b0a00483046022100efaeab05bb4dc67657b6ec08f9a142168497b88d20ac0c42311fd0fcca0e55cc022100e6da64f61a2c72b03b9b95dc0ce43711a3d92c2f474e7efd600659bb259997e1:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/takeovers/meteor-takeover.yaml

相关漏洞推荐