Create lemlist-takeover.yaml

subdomain takeover with lemlist
2023-08-25 13:45:40 +07:00 · 2023-08-25 13:45:40 +07:00 · 7b5070aa5b
parent de8fbcbea3
commit 7b5070aa5b
1 changed files with 27 additions and 0 deletions
--- a/dns/lemlist-takeover.yaml
+++ b/dns/lemlist-takeover.yaml
@ -0,0 +1,27 @@
+id: lemlist-takeover
+
+info:
+  name: Subdomain Takeover Lemlist
+  author: kresec
+  severity: high
+  description: The takeover will succeed when the target domain has a cname that points to the lemlist and in their account they only customize the domain in the tracking column so in the custom page column, as an attacker, they can enter the target domain. 
+  reference: 
+    - https://www.lemlist.com/blog/custom-tracking-domain
+    - https://kresec.medium.com/10k-site-affected-subdomain-takeover-via-lemlist-146cd0f11883
+  tags: dns,takeover,lemlist
+
+http:
+  - method: GET
+    path:
+      - "http://{{Hostname}}"
+    
+    matchers:
+      - type: word
+        part: title
+        words:
+          - "Custom domain check"
+          
+      - type: word
+        part: body
+        words:
+          - "app.lemlist.com"