nuclei-templates/http/takeovers/uservoice-takeover.yaml

34 lines
873 B
YAML
Raw Permalink Normal View History

2022-08-27 02:18:39 +00:00
id: uservoice-takeover
info:
2022-08-27 15:58:37 +00:00
name: Uservoice Takeover Detection
2022-08-27 02:18:39 +00:00
author: MiryangJung
severity: high
2023-12-22 08:59:06 +00:00
description: Uservoice takeover was detected.
2022-08-27 02:18:39 +00:00
reference:
2022-12-06 18:23:33 +00:00
- https://github.com/EdOverflow/can-i-take-over-xyz/issues/163
- https://hackerone.com/reports/269109
metadata:
max-request: 1
2023-10-14 11:27:55 +00:00
tags: takeover,uservoice,hackerone
2022-08-27 02:18:39 +00:00
http:
2022-08-27 02:18:39 +00:00
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
2022-08-27 02:18:39 +00:00
matchers:
- type: dsl
dsl:
- Host != ip
2022-08-27 02:18:39 +00:00
- type: word
words:
- "This UserVoice subdomain is currently available!"
2024-07-10 11:31:30 +00:00
extractors:
- type: dsl
dsl:
- "resolve(Host, 'cname')"
# digest: 4a0a00473045022078cb1c9e43356b1552b148b33bf5f893b30896bd5abe83163c7309be3645b321022100ab778902fad53051087acce72732788a6769482f444d888820afd1b18fc1d4d2:922c64590222798bb761d5b6d8e72950