can-i-take-over-xyz icon indicating copy to clipboard operation
can-i-take-over-xyz copied to clipboard

Published 20 hours ago verified publisher icon EdOverflow

surge.sh is not vulnerable

Open mzfr opened this issue 4 years ago • 3 comments

I am bit confused about how takeovers works

so If a website named sub.target.com is pointing toward thisisrandom.surge.sh then the way to takeover would be to register the thisisrandom.surge.sh domain, right?

If that is how it should be then it's not possible to takeover surge.sh subdomains. I don't think it's possible because when you go on to register a new project with a new subdomain it checks if that subdomain is registered by someone else or not. And if it then it give error

   Running as EMAIL-ID-HERE

        project: /my/project/path
         domain: thisisrandom.surge.sh

   Aborted - you do not have permission to publish to thisisrandom.surge.sh

takeover

Please let me know if I'm wrong and someone finds a way to take these over :)

mzfr avatar Feb 21 '21 16:02 mzfr

Hey!! I just got the same scenario and this is still a takeover, you have to add a CNAME file in the same directory. Resources:- https://surge.sh/help/adding-a-custom-domain

sec000 avatar May 30 '21 16:05 sec000

@yashanand Can you please explain step by step? Like what all you did to takeover the subdomain.

mzfr avatar May 30 '21 17:05 mzfr

Hey I follow the same steps which are given on the official website, if you have any doubt ping me on Twitter @yashanand155

sec000 avatar Jun 05 '21 15:06 sec000