can-i-take-over-xyz
No clarification of handling false positives
For some of the mentioned vendors, which I've had experience dealing with, there is no clarification to hackers using this list of where a false positive could occur.
In the instance of Unbounce for example, an empty Unbounce would in some cases yield the same response as a claimed one.
By suggesting to hackers that it is vulnerable to takeover but it requires a paid account, this could cause confusion and lead to some hackers reading this to just file a report whenever they see an Unbounce with nothing on the homepage.
While I mentioned the Unbounce issue specifically, it might be good to mention the "gotchas" with other vendors when claiming domains more clearly (like is done presently with Fastly, although I think it could be clearer than just a "yes"). This isn't clear to less experienced hackers and likely also won't be clear to security teams handling these bugs, and would likely prevent it being fuel for long debates between hackers and teams about whether x takeover is actually vulnerable if it was more honest with the shortcomings of exploiting with certain vendors.
This is a wonderful suggestion, @rubyroobs; thank you for bringing it up. I will work on clarifying where potential issues lie and how to actually determine whether or not a host is vulnerable.
@EdOverflow I'm happy to tackle this once the repository is back up to date with pull requests. Concerned if this is done now it will make for a difficult chain of events to merge later.
Not ignoring this; I've played with it a few times and I'm just trying to work out the best approach before merging.