Skip to content

Is uservoice subdomain takeover possible? #163

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
1nc0gn170 opened this issue Aug 21, 2020 · 6 comments
Open

Is uservoice subdomain takeover possible? #163

1nc0gn170 opened this issue Aug 21, 2020 · 6 comments
Labels
not vulnerable Someone has made it very clear that this service is not vulnerable to subdomain takeovers.

Comments

@1nc0gn170
Copy link

I have found a program where website its response is 404 and Its Cname is pointing to uservoice.com.
I didn't find any registration portal for that site.

;; ANSWER SECTION:
mywebsite.com. 299 IN	CNAME	mywesbsite.uservoice.com.

Screenshot from 2020-08-21 14-44-19

Anyone Help me please
@HammyHavoc
Copy link

HammyHavoc commented Jan 20, 2021
edited
Loading

Wondering this myself as a former UserVoice user. CC @austintaylor @attack7 @hoffoo

@hoffoo
Copy link

hoffoo commented Jan 21, 2021

@n41n4 @HammyHavoc

It is not possible - subdomain cnames are unique and cannot be reused

@HammyHavoc
Copy link

@n41n4 @HammyHavoc

It is not possible - subdomain cnames are unique and cannot be reused

Thanks for that! Thought as much. I had somebody reach out asking for a bug bounty reward in exchange for this "information".

@EdOverflow EdOverflow added the not vulnerable Someone has made it very clear that this service is not vulnerable to subdomain takeovers. label Feb 3, 2021
@pdelteil
Copy link
Contributor

pdelteil commented Dec 6, 2022

More info https://hackerone.com/reports/269109

@sn1p3rt3s7
Copy link

@pdelteil So is it vulnerable?

@sn1p3rt3s7
Copy link

But it can cause Broken link hijacking if the name.uservoice.com is directly embedded in a site.
Seen this type of issue, but closed as Informative on H1, X program as it is considered out of scope.
https://docs.hackerone.com/en/articles/8494488-core-ineligible-findings
But still some programs on H1 accept BLH so basically it depends

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
not vulnerable Someone has made it very clear that this service is not vulnerable to subdomain takeovers.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@HammyHavoc @hoffoo @EdOverflow @pdelteil @sn1p3rt3s7 @1nc0gn170