can-i-take-over-xyz

Subdomain takeover using https://tilda.cc/

Open m0ns7er opened this issue 4 years ago • 2 comments

Service name

https://tilda.cc/

Proof

https://hackerone.com/reports/894657

Documentation

Subdomains which are pointing to tilda.cc, and have an unclaimed DNS record, are vulnerable to subdomain takeover.

Reference

https://help.tilda.ws/customdomain#:~:text=Navigate%20to%20the%20Site%20Settings,in%20the%20right%20upper%20corner.

m0ns7er, Jul 07 '20 09:07

I just took over one Tilda domain.

This is the error message:

[Screenshot from 2021-04-03 23-12-39]

pdelteil, Apr 04 '21 03:04

I found one with another error message:

"Please renew your subscription". In this case it is not possible to take over the subdomain.

[Screenshot from 2021-05-06 23-26-58]

pdelteil, May 07 '21 03:05