漏洞描述
Uservoice takeover was detected.
uservoice-takeover: Uservoice Takeover Detection
PoC代码[已公开]
id: uservoice-takeover
info:
name: Uservoice Takeover Detection
author: MiryangJung
severity: high
description: Uservoice takeover was detected.
reference:
- https://github.com/EdOverflow/can-i-take-over-xyz/issues/163
- https://hackerone.com/reports/269109
metadata:
max-request: 1
tags: takeover,uservoice,hackerone,vuln
http:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: dsl
dsl:
- Host != ip
- type: word
words:
- "This UserVoice subdomain is currently available!"
extractors:
- type: dsl
dsl:
- cname
# digest: 490a00463044022025c1289b96f2057785f0d7e17b7c9c3ac1cea4ec0f06f196e31fbea7c96311b1022028c3e21793fdeeb22c8ea59771e6ea75a43c088bd03de12685ad29b7be71e1d9:922c64590222798bb761d5b6d8e72950