
Subdomain Takeover via HubSpot

Open m7mdharoun opened this issue 7 years ago • 10 comments

HubSpot

Proof

Example of https://hackerone.com/reports/38007

Doc

I did the same takeover in the last 2 days, so the vulnerability still exists.

m7mdharoun avatar Oct 20 '18 16:10 m7mdharoun

@m7mdharoun I'm pretty familiar with this one and somewhat doubt your claim. Could you please provide a link to your more recent issue (if disclosed) or at minimum some further information?

codingo avatar Nov 12 '18 10:11 codingo

@codingo I've disclosed the bug report, but without the permission of PayPal, so someone reported it to HackerOne Support and they warned me. PoC here: hubspot

Fingerprint: Domain Not found hubspot finger

m7mdharoun avatar Nov 12 '18 22:11 m7mdharoun

Excellent, thank you for the prompt response. I'll update the repo shortly.

codingo avatar Nov 13 '18 00:11 codingo

@codingo Please check your Twitter messages; I've sent you the PoC link.

m7mdharoun avatar Nov 13 '18 00:11 m7mdharoun

Hi, another example here:

https://hackerone.com/reports/407355

(He didn't say it was "Hubspot", but he said "this report is same as of this one:- https://hackerone.com/reports/38007")

soy-elmago avatar Mar 06 '20 16:03 soy-elmago

Here is a recent example, but it contains few details about the PoC: https://hackerone.com/reports/335330

jub0bs avatar May 11 '20 16:05 jub0bs

Both examples above were reports written 2 years ago, but disclosed recently.

soareswallace avatar May 11 '20 17:05 soareswallace

@soareswallace Ah yes, I had overlooked that. Thanks.

jub0bs avatar May 11 '20 17:05 jub0bs

This is no longer possible.

rohan-birtia avatar Jan 02 '23 04:01 rohan-birtia

Hello, I discovered a domain connected to HubSpot, but when I registered it, the domain I want to take over requested verification. Is it still vulnerable or not?

hellsing032 avatar Apr 05 '24 07:04 hellsing032