can-i-take-over-xyz
Subdomain takeover of Alibaba Cloud OSS
Alibaba Cloud OSS
A subdomain pointing to an unclaimed Alibaba OSS bucket via CNAME is vulnerable to takeover. The website will throw an error like this when the bucket doesn't exist.
Step-by-step process:
- Go to OSS panel
- Click Create Bucket
- Set Bucket name to source domain name (i.e., the domain you want to take over)
- Click OK to finish
- Open the created bucket (Select Access Control List (ACL) as public)
- Go to Files and Click Upload
- Select the file which will be used for PoC (HTML or TXT file)
- Set file ACL as public read
Verify by going to the subdomain.
Documentation
https://www.alibabacloud.com/help/doc-detail/31899.htm?spm=a2c63.p38356.879954.14.71cd374fq6kJ5W#concept-ars-bhz-5db
https://www.alibabacloud.com/help/doc-detail/31836.htm
https://partners-intl.aliyun.com/help/doc-detail/31902.htm
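The post verifies the takeover precondition by hand (visit the subdomain, look for the bucket-not-found error). The following is an added example, not code from the issue author or from the can-i-take-over-xyz project, that performs that triage over a list of subdomains offline. It assumes two things the post does not state: that OSS CNAME targets have the documented endpoint shape `<bucket>.oss-<region>.aliyuncs.com`, and that a request for a nonexistent bucket returns an HTTP 404 with an S3-style XML error whose `<Code>` is `NoSuchBucket`. The DNS answers and response bodies below are constructed samples, so no network access is needed; wire `classify()` to real `dig`/HTTP output to use it on live targets.

```python
"""Triage dangling CNAMEs that point at Alibaba Cloud OSS.

Added example for the can-i-take-over-xyz OSS issue; not part of the page or the
project. All DNS answers and HTTP bodies are constructed samples.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumption: an OSS bucket endpoint is <bucket>.oss-<region>.aliyuncs.com.
# The post does not spell out the CNAME pattern; this is the documented shape.
OSS_HOST_RE = re.compile(
    r"^(?P<bucket>.+?)\.(?P<endpoint>oss-[a-z0-9-]+\.aliyuncs\.com)$", re.I
)

# Assumption: a missing bucket yields an S3-style XML error document with
# <Code>NoSuchBucket</Code>; the post only says "an error like this" (image absent).
NOSUCHBUCKET_RE = re.compile(r"<Code>\s*NoSuchBucket\s*</Code>")


@dataclass
class Finding:
    subdomain: str
    cname: Optional[str]
    bucket: Optional[str]
    status: str  # no_cname | not_oss | takeover_candidate | not_vulnerable


def parse_oss_target(cname: str) -> Optional[Tuple[str, str]]:
    """Return (bucket, endpoint) if the CNAME target is an OSS endpoint, else None."""
    host = cname.rstrip(".").lower()  # tolerate the trailing dot from dig/dnspython
    m = OSS_HOST_RE.match(host)
    if not m:
        return None
    return m.group("bucket"), m.group("endpoint")


def classify(subdomain: str, cname: Optional[str],
             http_status: Optional[int], body: str) -> Finding:
    """Decide whether a subdomain is a takeover candidate.

    Only an OSS CNAME target *and* a NoSuchBucket error count: a 404 from a
    non-OSS host, or an OSS bucket that answers 403/200, is not claimable.
    """
    if not cname:
        return Finding(subdomain, None, None, "no_cname")
    parsed = parse_oss_target(cname)
    if parsed is None:
        return Finding(subdomain, cname, None, "not_oss")
    bucket, _endpoint = parsed
    if http_status == 404 and NOSUCHBUCKET_RE.search(body or ""):
        return Finding(subdomain, cname, bucket, "takeover_candidate")
    return Finding(subdomain, cname, bucket, "not_vulnerable")


# Constructed OSS-style error body for a bucket that does not exist.
NO_SUCH_BUCKET_BODY = """<?xml version="1.0" encoding="UTF-8"?>
<Error>
  <Code>NoSuchBucket</Code>
  <Message>The specified bucket does not exist.</Message>
  <RequestId>0000000000000000000000000</RequestId>
  <HostId>assets-old.oss-cn-hangzhou.aliyuncs.com</HostId>
  <BucketName>assets-old</BucketName>
</Error>"""

# Constructed observations: subdomain -> (CNAME answer, HTTP status, body).
SAMPLE_OBSERVATIONS: Dict[str, Tuple[Optional[str], Optional[int], str]] = {
    "assets.example.com": ("assets-old.oss-cn-hangzhou.aliyuncs.com.", 404, NO_SUCH_BUCKET_BODY),
    "static.example.com": ("static-prod.oss-cn-shanghai.aliyuncs.com", 403,
                           "<Error><Code>AccessDenied</Code></Error>"),
    "www.example.com": ("example.github.io", 404, "There isn't a GitHub Pages site here."),
    "old.example.com": (None, None, ""),
}


def scan(observations: Dict[str, Tuple[Optional[str], Optional[int], str]]) -> List[Finding]:
    """Classify every observed subdomain; candidates are what you try to claim."""
    return [classify(sub, cname, status, body)
            for sub, (cname, status, body) in observations.items()]


if __name__ == "__main__":
    for f in scan(SAMPLE_OBSERVATIONS):
        print(f"{f.subdomain:22} {f.status:20} cname={f.cname} bucket={f.bucket}")
```

The `bucket` field of a `takeover_candidate` finding is the first label of the CNAME target, which is the name OSS resolves the request against; whatever bucket you create must match it, and it must be created in the region named by the endpoint (the `oss-<region>` part), since OSS bucket names are scoped per region.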
Hi @janthraper
I appreciate this research but can you please:
- Suggest the `CNAME` pattern in Alibaba Cloud that you're talking about - PoC will be much appreciated if possible.