makeswift.site is a service provided by MakeSwift that enables clients to use custom domains via CNAME records pointing to makeswift.site.
When the associated MakeSwift project is deleted or not configured properly, the subdomain becomes unclaimed, resulting in a 404 error. This state renders the subdomain vulnerable to takeover.
Proof
Set up a CNAME pointing to makeswift.site
Example:
vulnerable.example.com CNAME makeswift.site
Check for Vulnerability
Access the subdomain (https://vulnerable.example.com) and observe a response like this (a Vercel error):
404: NOT_FOUND
Code: DEPLOYMENT_NOT_FOUND
Take Over the Subdomain
Go to the MakeSwift project settings.
Add the custom domain (vulnerable.example.com) in the MakeSwift dashboard.
Verify ownership through DNS and set it as the primary domain.
If the subdomain is vulnerable, it will show the page that we created.
Documentation
https://docs.makeswift.com/product/site/domains
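For auditing your own zone against the condition described in this issue, the following is an added example, not code from the issue author or from MakeSwift. It flags CNAME records that point at makeswift.site and whose response matches the quoted error; the zone text, hostnames, responses and the injected `fetch` callable are constructed assumptions.

```python
# Fingerprint quoted in the issue for an unclaimed makeswift.site hostname.
TARGET = "makeswift.site"
MARKERS = ("404: NOT_FOUND", "DEPLOYMENT_NOT_FOUND")

def parse_cnames(zone_text):
    """Return {owner: target} for the CNAME records in BIND-style zone text."""
    records = {}
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, split columns
        types = [f.upper() for f in fields]
        if "CNAME" not in types:
            continue
        i = types.index("CNAME")                # TTL and class may precede it
        if i == 0 or i + 1 >= len(fields):
            continue                            # malformed: no owner or target
        records[fields[0].rstrip(".").lower()] = fields[i + 1].rstrip(".").lower()
    return records

def classify(status, body):
    """'dangling' when the response matches the unclaimed-domain error page."""
    if status == 404 and all(m in body for m in MARKERS):
        return "dangling"
    return "claimed"

def audit(zone_text, fetch):
    """fetch(host) -> (status, body) or None; injected so this runs offline."""
    findings = {}
    for owner, target in parse_cnames(zone_text).items():
        if target != TARGET and not target.endswith("." + TARGET):
            continue                            # CNAME goes somewhere else
        response = fetch(owner)
        findings[owner] = classify(*response) if response else "unreachable"
    return findings

# Constructed sample data (not real records or real responses).
SAMPLE_ZONE = """
; constructed zone export
www.example.com.        300 IN CNAME makeswift.site.
old-promo.example.com.  300 IN CNAME makeswift.site.
docs.example.com.       300 IN CNAME example.net.
staging.example.com     CNAME makeswift.site
"""
SAMPLE_RESPONSES = {
    "www.example.com": (200, "<html>Live site</html>"),
    "old-promo.example.com": (404, "404: NOT_FOUND\nCode: DEPLOYMENT_NOT_FOUND"),
}

if __name__ == "__main__":
    for host, state in audit(SAMPLE_ZONE, SAMPLE_RESPONSES.get).items():
        print(f"{host}\t{state}")
```

A record reported as `dangling` should be deleted from DNS or re-attached to a MakeSwift project you control.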