Unable to find subdomain takeover for unbounce

[ranjit-git]

create your wordlist with studio.wrike.com
this domain is takeover possible but your tool is unable to detect it.

[Ice3man543]

Can you provide more detail?

[Damian89]

Hi,
its because the http header has to be checked and not the response itself (noticed it some time ago). The markers you are using are correct (Page does not exists, ...) but it looks like you are checking the http_body only, but in this case also the http header has to be checked.

[Ice3man543]

Thanks for the detailed response. I'll fix this really soon, I promise.

[Damian89]

You are welcome!

Another example is: explore.luxuryretreats.com

But: studio.wrike.com and explore.luxuryretreats.com are not vulnerable (since unbounce is a special case, we have to check if its really possible to register those subdomains @ unbounce). In both cases thats not the case!

[Ice3man543]

Yeah, I have read that ubvounce only allows takeover when the domain wasn't added even once to a service. Else not.

[Ice3man543]

Sorry for the late response, actually the public project is discontinued. Please check https://github.com/haccer/subjack. I am not maintaining this at the moment.