subdomain takeover at FeedPress not working #80

Open
sumgr0 opened this issue Mar 3, 2019 · 4 comments

@sumgr0

sumgr0 commented Mar 3, 2019

Service name: FeedPress

Documentation

Based on the information shared in the HackerOne report for a FeedPress-based subdomain, I am not able to take over the ownership. The error message on the URL stated:

FeedPress
The feed has not been found.
You have a blog or a website? Let us handle your RSS feeds.

After creating an account on FeedPress and trying to take over the subdomain by selecting My Hostname and entering the program's sub-domain, it results in the error message - "The hostname xyz.domain.com is already registered on FeedPress."

Is sub-domain takeover in such a scenario possible?

Thanks

@JLLeitschuh

Sometimes the error isn't truly indicative of being able to perform a takeover.

E.g.
This site indicates an error, suggesting that the sub-domain takeover is possible.

https://feed.gradle.org/

However, these sites are completely valid, indicating that the domain is actually in use in a way that can't be compromised.

All of this being said, the general security of FeedPress isn't all that good. I've been trying to get in contact with their team about other security problems with their site and they aren't responding. Honestly, I would recommend not trusting FeedPress with access to one of your sub-domains as their security practices don't seem to be all that good.

@gy741

gy741 commented Jun 14, 2020

Hello, FeedPress appears to be no longer vulnerable.

The hostname xx.target.com is already registered on FeedPress.

Thanks

@cyberblackhole

I confirm FeedPress is not vulnerable. Testing on a few domains.

@pdelteil
Contributor

Not vulnerable. Also received a

The hostname xx.target.com is already registered on FeedPress.
