Create clever-takeover.yaml

2023-11-25 21:41:05 +05:30 · 2023-11-25 21:41:05 +05:30 · 595a8871ff
parent 9b8da6f22d
commit 595a8871ff
1 changed files with 30 additions and 0 deletions
--- a/http/takeovers/clever-takeover.yaml
+++ b/http/takeovers/clever-takeover.yaml
@ -0,0 +1,30 @@
+id: clever-takeover
+
+info:
+  name: Clever Cloud - Subdomain Takeover Detection
+  author: supr4s
+  severity: high
+  description: Clever Cloud subdomain takeover was detected.
+  reference:
+    - https://supras.io/new-subdomain-takeover-case-clever-cloud/
+  metadata:
+    max-request: 1
+  tags: takeover
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - Host != ip
+
+      - type: word
+        part: body
+        words:
+          - "The application you're trying to access doesn't seem to exist"
+          - "support@clever-cloud.com"
+        condition: and