Hijacking tons of Instapage expired users Domains Subdomains
Hello all?
so this post is about how I?was able to hijack ton’s of domains/subdomains who using Instapage?if?there service got expired.
What is instapage ?
Instapage?is a service that lets you build landing pages for your online marketing and promotion campaigns with ease. It offers features such as A/B Testing, multiple campaign management, easy page building, and a lot more!
it also allows users to map its?template?on?there own?domain or subdomains.
How i found it ?
as am one of researchers from?HackerOne?platform , I?was trying to get something on?HackerOne?itself as I want that?Hacking Hackers?Badge?of my?profile.
I found?hacker.one?is inscope domain list which is one of the?officail?website of?HackerOne, and when I?vistied it and?seen some error which caught in my eye and after figuring?it, I come to know it wasInstapage?error which?occurs when service?get expired or domain or subdoamin not linked properly and it takes just few mintues to figurte it out that I?can publish my own template to any of misconfigured?and expired domains/subdomains of instapage?and luckly?HackerOne?is one of there users.
Instapage error on Hacker.One :
?
Vulnerable Post Request :
POST /ajax/builder2/publish/2340488 HTTP/1.1 Host: app.instapage.com User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.04 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Referer: http://app.instapage.com/builder2?id=2340488 Content-Length: 31 Cookie: cookie_value Connection: close version=1&url=www.hacker.onewhere?url?parameter value contain vulnerable domains .
Hacker.One domain Takeover :?
?
Here is the Video POC :
and with help of?Google dork?and error of?instapage I?found?tons?of websites are?Vulnerable for this and anyone can takeover it with own content on it, I?contacted Instapage via HackerOne.
HackerOne?fixed it next of report by removing the cname entry pointing to instapage and later Instapage fixed in completely and got confirmation of fix via?HackerOne report thread.
Thanks to?HackerOne?to being a mediator?for?contacting?Instapage?and fixing the things?in correct?way.
轉載于:https://www.cnblogs.com/hackforfun/p/5930118.html
總結
以上是生活随笔為你收集整理的Hijacking tons of Instapage expired users Domains Subdomains的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: windows 7编辑启动菜单 bcde
- 下一篇: Mesos 1.1.1 发布说明