Skip to content

Readme.io proofs #41

Closed
Closed
Readme.io proofs#41
Labels
vulnerableSomeone has provided proof in the issue ticket that one can hijack subdomains on this service.
@PatrikHudak

Description

@PatrikHudak
PatrikHudak
opened on Sep 15, 2018

Service name

Readme.io (https://readme.io/)

Proof

The subdomains reside on *.readme.io. It is a classic virtual hosting scenario like in other similar services.

To verify whether subdomain takeover may be possible, run:

http -b GET http://{DOMAIN NAME} | grep -F -q "Project doesnt exist... yet!" && echo "Subdomain takeover may be possible" || echo "Subdomain takeover is not possible"

(Assuming you have Readme.io account created.)

  1. Go to dashboard.
  2. Set Project Name and its subdomain. Subdomain does not need to match the domain you are trying to takeover.
  3. In left sidebar, go to General Settings -> Custom Domain.
  4. Set Custom domain to the domain you want to takeover.
  5. Click Save.

Documentation

https://readme.readme.io/docs/setting-up-custom-domain

Metadata

Metadata

Assignees

No one assigned

    Labels

    vulnerableSomeone has provided proof in the issue ticket that one can hijack subdomains on this service.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions