
Subdomain Takeover through Kinsta

Open Avileox opened this issue 6 years ago • 7 comments

Service name

Kinsta

Website

https://kinsta.com/

Credential

[Image: screenshot 45 _li]

Condition

Subdomain takeover through Kinsta is possible, but to create a PoC you need a paid account, because Kinsta requires a paid account for creating subdomains and using web hosting through Kinsta.

Avileox avatar Oct 03 '18 20:10 Avileox

@Cyberdolt have you performed one of these already or do you have a reference writeup so I can add this to the main repository?

codingo avatar Oct 18 '18 07:10 codingo

I reported this issue, but the organization hasn't fixed it yet, so I am waiting for them to resolve it; after that I will provide the full description.

Avileox avatar Oct 20 '18 05:10 Avileox

@Avileox
How is it possible to take a subdomain over as long as it has an A record for a Kinsta dedicated IP?

itachi73 avatar May 03 '19 21:05 itachi73

Most probably, it is impossible to take over a subdomain with an A record through Kinsta. Here is the response from Kinsta for an orphan CNAME: 404 Not Found Content-Length=[33604] Server = kinsta-nginx

Avileox avatar May 04 '19 04:05 Avileox

I met the same response with an A record.

itachi73 avatar May 04 '19 05:05 itachi73

So does that mean, if a vulnerable subdomain has the A record pointing to an IP, it's impossible to take over the subdomain?

sumgr0 avatar Jul 04 '20 12:07 sumgr0

This is no longer possible, requires TXT verification.

m0chan avatar Sep 09 '21 13:09 m0chan