Subdomains hosted on smartjobboard.com or mysmartjobboard.com can also be claimed #139

Open
GDATTACKER-RESEARCHER opened this issue Apr 2, 2020 · 5 comments
Labels
vulnerable Someone has provided proof in the issue ticket that one can hijack subdomains on this service.

@GDATTACKER-RESEARCHER

Service name

smartjobboard.com
mysmartjobboard.com

Proof

Go to smartjobboard.com
before

Create a trial account.

Settings > System Settings > add your vulnerable domain in the "Custom Domain Name" column
after

Documentation

https://help.smartjobboard.com/en/articles/1269655-connecting-a-custom-domain-name
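
Added example, not part of the original issue or of this repository's own code: a defender-side audit that reads a DNS zone export and lists every CNAME delegating to the two services named above, so each one can be checked against an account you still control. The zone text, the `example.test` names and all function names are constructed for illustration, and the parser assumes one record per line with the owner name present.

```python
# Added example: find CNAMEs in your own zone that point at the services
# named in this issue. SAMPLE_ZONE is constructed data, not real records.
SERVICE_SUFFIXES = ("smartjobboard.com", "mysmartjobboard.com")  # from the issue

SAMPLE_ZONE = """\
$ORIGIN example.test.
; constructed records for illustration
www        3600 IN CNAME  web.example.test.
jobs       3600 IN CNAME  acme.mysmartjobboard.com.
careers         IN CNAME  Boards.SmartJobBoard.com.
old-jobs   300  IN CNAME  notsmartjobboard.com.
hire       3600 IN CNAME  smartjobboard.com   ; no trailing dot: relative name
mail       3600 IN A      192.0.2.10
"""

def fqdn(name, origin):
    """Lower-case a name and make it absolute relative to the zone origin."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name.rstrip(".")
    return f"{name}.{origin}".rstrip(".")

def delegated_to_service(target, suffixes=SERVICE_SUFFIXES):
    """Match on label boundaries so notsmartjobboard.com is not flagged."""
    return any(target == s or target.endswith("." + s) for s in suffixes)

def audit_zone(zone_text):
    """Return (owner, target) for each CNAME pointing at a listed service."""
    origin, findings = "", []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, tokenize
        if len(fields) >= 2 and fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower().rstrip(".")
        elif len(fields) >= 3 and fields[-2].upper() == "CNAME":
            owner, target = fqdn(fields[0], origin), fqdn(fields[-1], origin)
            if delegated_to_service(target):
                findings.append((owner, target))
    return findings

if __name__ == "__main__":
    for owner, target in audit_zone(SAMPLE_ZONE):
        print(f"review: {owner} -> {target}")
```

Each record it reports should map to a job board that is still attached to your account in the service's "Custom Domain Name" setting; remove the CNAME when the board is retired.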

proabiral commented Apr 2, 2020

Just confirmed that this works 👍
Thanks for sharing.

Author
GDATTACKER-RESEARCHER commented Apr 2, 2020 via email

Author
GDATTACKER-RESEARCHER commented Apr 3, 2020 via email

@JLLeitschuh

> Why are you guys not updating the list with other vulnerable hosts?

Feel free to create a PR with a link to this issue. That's part of how contributing to this repository works.

Collaborator
codingo commented Apr 6, 2020

As @JLLeitschuh mentioned, please do raise a pull request. @EdOverflow and I are happy to maintain this, but there's a limit to the time that can be invested given the vast number of other projects we both work on.

@EdOverflow EdOverflow added the vulnerable Someone has provided proof in the issue ticket that one can hijack subdomains on this service. label May 18, 2020