漏洞描述
Worksites takeover was detected.
worksites-takeover: Worksites Takeover Detection
PoC代码[已公开]
id: worksites-takeover
info:
name: Worksites Takeover Detection
author: melbadry9,dogasantos
severity: high
description: Worksites takeover was detected.
reference:
- https://melbadry9.gitbook.io/blog/dangling-dns/xyz-services/ddns-worksites
metadata:
verified: true
max-request: 2
tags: takeover,dns,vuln
dns:
- name: "{{FQDN}}"
type: A
class: inet
recursion: true
retries: 3
matchers:
- type: word
words:
- "69.164.223.206"
http:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: dsl
dsl:
- Host != ip
- type: word
words:
- "Company Not Found"
- "worksites.net"
condition: and
- type: status
status:
- 404
extractors:
- type: dsl
dsl:
- cname
# digest: 4b0a00483046022100a173c7dcbbb73bd7ce48d8067d2f8d368cf9d714ad390eeedc4722da52dfb7ea022100c535acf3abd79a552be49c0d1757c6d0e7d4f9ef40c84d5af621955a74111c19:922c64590222798bb761d5b6d8e72950