uberflip-takeover: Uberflip Takeover Detection

日期: 2025-08-01 | 影响软件: Uberflip | POC: 已公开

漏洞描述

Uberflip takeover was detected.

PoC代码[已公开]

id: uberflip-takeover

info:
  name: Uberflip Takeover Detection
  author: pdteam
  severity: high
  description: Uberflip takeover was detected.
  reference:
    - https://github.com/EdOverflow/can-i-take-over-xyz/issues/150
    - https://hackerone.com/reports/863551
  metadata:
    max-request: 1
  tags: takeover,uberflip,hackerone,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - Host != ip

      - type: word
        words:
          - "Non-hub domain, The URL you've accessed does not provide a hub."

    extractors:
      - type: dsl
        dsl:
          - cname
# digest: 4a0a00473045022100f82445e425315f5d432aba4a5720b732d5aedc602408f41e86478e728baf03f7022078c33ff4a4a92c685951f614100779c8287d813eb5feddd561ba654784de27d4:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/takeovers/uberflip-takeover.yaml

相关漏洞推荐