netlify-takeover: netlify takeover detection

日期: 2025-08-01 | 影响软件: netlify | POC: 已公开

漏洞描述

netlify takeover was detected.

PoC代码[已公开]

id: netlify-takeover

info:
  name: netlify takeover detection
  author: 0xPrial,pdteam
  severity: high
  description: netlify takeover was detected.
  reference:
    - https://github.com/EdOverflow/can-i-take-over-xyz/issues/40
    - https://monish-basaniwal.medium.com/how-i-found-my-first-subdomain-takeover-vulnerability-b7d5c17b61fd
    - https://github.com/EdOverflow/can-i-take-over-xyz/pull/289
  metadata:
    max-request: 1
  tags: takeover,netlify,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - Host != ip

      - type: word
        part: body
        words:
          - "Not Found - Request ID:"
        case-insensitive: true

      - type: word
        part: header
        words:
          - "Netlify"

    extractors:
      - type: dsl
        dsl:
          - cname
# digest: 4a0a0047304502206377577316da5bf698c252943cde7d2ae95f46dd0a6193f688f2d1aef41cba8d02210080f88d213e90feda101980f2d365a3cf16a47408bec989e747dc78dc194aa705:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/takeovers/netlify-takeover.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐