Adding Pantheon #24
Comments
Just letting you know we're not ignoring this one - just trying to carve out some time to properly test it.
Sure, take your time. Thanks for the follow up information!
Resolved with #83
I think it doesn't work anymore
Yup agreed with @omaramin17.
Did you find a fix for this?
I just tried it and I confirm it is not possible to take over. Any other update so far?
Is it not possible to take over on Pantheon anymore?
I just took over many Pantheon subdomains. You need to activate your account using a credit card. I used a virtual credit card and it worked for free.
Pantheon is vulnerable. Did many takeovers this month.
@aadityao1 @pdelteil can you please mention the steps in detail.
Sure, I will, just need some time.
@pdelteil update the steps bro
Hello, any dork for this?
Hey, I recently found a page with the Pantheon 404 error. I made an account and paid the $50 signup fee. But when I tried to add the vulnerable subdomain, it gave me a “this domain belongs to another organization.” So I can't say for sure if it’s totally impossible to take over in all situations, but for me it didn’t work and sadly lost money in the process. Thanks for your work!
Here.. I used a virtual credit card with no funds to bypass the payment step.
I can confirm it's still possible to take over Pantheon domains. Using a virtual credit card I managed to bypass the payment of 50 dollars.
Is there an up-to-date way to get around the $50 payment?
Reach me over Twitter if you need to test a takeover
So, this is an edge case, since some subdomains are vulnerable while others are not. I don't know the reason.
@pdelteil Although a site using Pantheon does not have the word "dev" in its CNAME, this subdomain adds "dev-" to the beginning when I take over the address. What is the reason for this?
I don't really know, that seems to be new on the site.
Is this still possible? I have access to the Basic subscription, however, I'm getting the error:
Maybe the company has an enterprise subscription with the domain that causes this error?
Hello, I haven't tried lately. If you can't add a specific domain, that doesn't mean you can't add others.
Thanks for the answer @pdelteil, what do you mean by others? Despite of not being able to add Thanks!
What I meant is, if one domain is not vulnerable, that doesn't mean other domains are not vulnerable. You just need to try them all.
I won't tolerate abusive and rude behavior. I have helped many researchers, almost all of them were respectful and we agreed on the terms of the collaboration. You insulting me describes very well your character.
@pdelteil I regret asking for help from you. Since you know the domain name now, go ahead and report it, I don't care now!
@pdelteil what's your Twitter? I want to get a subdomain checked
Hi, I no longer have a paid account on Pantheon.
Hey,
I just wanted to submit another website: Pantheon.
Reference: https://medium.com/@hussain_0x3c/hostile-subdomain-takeover-using-pantheon-ebf4ab813111