fix trail space

2023-08-25 14:13:40 +05:30 · 2023-08-25 14:13:40 +05:30 · bf7ddd7e2a
parent 7b5070aa5b
commit bf7ddd7e2a
1 changed files with 11 additions and 9 deletions
--- a/dns/lemlist-takeover.yaml
+++ b/dns/lemlist-takeover.yaml
@ -1,11 +1,12 @@
 id: lemlist-takeover

 info:
-  name: Subdomain Takeover Lemlist
+  name: Lemlist - Subdomain Takeover Detection
  author: kresec
  severity: high
-  description: The takeover will succeed when the target domain has a cname that points to the lemlist and in their account they only customize the domain in the tracking column so in the custom page column, as an attacker, they can enter the target domain. 
-  reference: 
+  description: |
+    The takeover will succeed when the target domain has a cname that points to the lemlist and in their account they only customize the domain in the tracking column so in the custom page column, as an attacker, they can enter the target domain.
+  reference:
    - https://www.lemlist.com/blog/custom-tracking-domain
    - https://kresec.medium.com/10k-site-affected-subdomain-takeover-via-lemlist-146cd0f11883
  tags: dns,takeover,lemlist
@ -13,15 +14,16 @@ info:
 http:
  - method: GET
    path:
-      - "http://{{Hostname}}"
+      - "{{BaseURL}}"
    
+    matchers-condition: and
    matchers:
+      - type: dsl
+        dsl:
+          - Host != ip
+
      - type: word
-        part: title
        words:
          - "Custom domain check"
-          
-      - type: word
-        part: body
-        words:
          - "app.lemlist.com"
+        condition: and