nuclei-templates/http/takeovers/lemlist-takeover.yaml

37 lines
1.1 KiB
YAML
Raw Permalink Normal View History

id: lemlist-takeover
info:
2023-08-25 08:43:40 +00:00
name: Lemlist - Subdomain Takeover Detection
author: kresec
severity: high
2023-08-25 08:43:40 +00:00
description: |
The takeover will succeed when the target domain has a cname that points to the lemlist and in their account they only customize the domain in the tracking column so in the custom page column, as an attacker, they can enter the target domain.
reference:
- https://www.lemlist.com/blog/custom-tracking-domain
- https://kresec.medium.com/10k-site-affected-subdomain-takeover-via-lemlist-146cd0f11883
metadata:
max-request: 1
tags: dns,takeover,lemlist
http:
- method: GET
path:
2023-08-25 08:43:40 +00:00
- "{{BaseURL}}"
2023-08-25 11:09:23 +00:00
2023-08-25 08:43:40 +00:00
matchers-condition: and
matchers:
2023-08-25 08:43:40 +00:00
- type: dsl
dsl:
- Host != ip
- type: word
words:
- "Custom domain check"
- "app.lemlist.com"
2023-08-25 08:43:40 +00:00
condition: and
2024-07-10 11:31:30 +00:00
extractors:
- type: dsl
dsl:
- cname
# digest: 4b0a0048304602210087cff5b29fe3d2e7e6d3cf00af41334b7de1a4f9ef76ad9af08f1d6d700b9916022100a51b24c27a3f0a1fc72af5d426dc099546d39eb6f6b217310113c9027b216076:922c64590222798bb761d5b6d8e72950