Aditya Thebe

Any fix for this ?

Is this still vulnerable ? Because Azure requires a unique Custom Domain Verification ID to be put as a TXT record in the DNS.  Until the TXT record is...

> Never mind, it’s still vulnerable. Just observed one get snatched live. 😮 How was the TXT verification bypassed ? **EDIT** Nevermind

> Any hints of how to bypass the TXT verification? @sumgr0 It's not required.

> @ravkishu Well I need to create a CNAME and a TXT record on the victims domain (let's say google.com). There is no way that I can verify the ownership...

> @rootkech can you please elaborate a little why it is not vulnerable any more? > Also, have you checked all the heroku domains? herokuapp.com, herokudns.com and herokussl.com You don't...

There are definitely edge cases here. ```bash $ host -t CNAME anythingrandom.console.dev.twilio.com anythingrandom.console.dev.twilio.com is an alias for cname.vercel-dns.com. ``` ```bash $ curl 'https://anythingrandom.console.dev.twilio.com/'  10:12:48 The deployment could not be...

Does this not involve `CNAME` records ?

@saurabh96216 IIRC the cname is irrelevant as long as it is pointing to .github.io

The CNAME should be set to **custom-proxy.leadpages.net** ? Or is the `custom-proxy` part a variable ?