-
-
Notifications
You must be signed in to change notification settings - Fork 724
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
subdomain takeover at FeedPress not working #80
Comments
Sometimes the error isn't truly indicative of being able to perform a takeover. Eg. However, these sites are completely valid indicating that the domain is actually in use in a way that can't be compromised.
All of this being said, the general security of FeedPress isn't all that good. I've been trying to get in contact with their team about other security problems with their site and they aren't responding. Honestly, I would recommend not trusting FeedPress with access to one of your sub-domains as their security practices don't seem to be all that good. |
Hello, FeedPress appears to be no longer vulnerable. The hostname xx.target.com is already registered on FeedPress. Thanks |
I confirm feedpress is not vulnerable. Testing on few domains. |
Not vulnerable. Also received a
|
Service name: FeedPress
Documentation
Based on the information shared in the hackerone report for FeedPress based subdomain, not able to takeover the ownership. The error message on the URL stated:
FeedPress
The feed has not been found.
You have a blog or a website? Let us handle your RSS feeds.
After creating the account on feedpress, and trying to takeover the subdomain by selecting My Hostname and entering the programs sub-domain, it results in the error message - "The hostname xyz.domain.com is already registered on FeedPress."
Is the sub-domain takeover in such scenario possible?
Thanks
The text was updated successfully, but these errors were encountered: