can-i-take-over-xyz icon indicating copy to clipboard operation
can-i-take-over-xyz copied to clipboard

Published 20 hours ago verified publisher icon EdOverflow

Acquia Takeover

Open KeepWannabe opened this issue 6 years ago • 9 comments

Can i Takeover via acquia ?

image

KeepWannabe avatar Jun 18 '19 15:06 KeepWannabe

I am currently struggling with this as it creates random subdomains so far and i am not looking to upgrade to find out about the prod.

random-robbie avatar Jul 22 '19 09:07 random-robbie

This is not vulnerable because of following reasons:

  1. Acquia generates a generic unique IP address for customers when creating environment.
  2. Since IP address is unique, you must either spam creating environments yet it's still unclear and each creation process takes around 30 minutes.
  3. To enable adding custom domain feature, you must subscribe for it and it's way too much costly, while they do not directly charge you, it's still not worth because of unclear state of IP address is being used or not

Let me show you some information with screenshots

As we can see from below Acquia generates unique IP: ipaddress

When adding custom domain Acquia verifies that domain is resolving into IP address they provided you: failed

I also used one of my own domains to verify the state: skima

So basically Acquia is not vulnerable or way over edge case.

mcipekci avatar May 21 '20 13:05 mcipekci

Was digging into this lately and found https://docs.acquia.com/resource/definitions/realm/:

Some common realms include, but aren’t limited to the following:

  • Cloud Platform Enterprise: prod
  • Cloud Platform Professional: devcloud
  • Site Factory: The value can vary for Site Factory subscribers. To identify the correct realm for an Site Factory subscription, contact Acquia support.

Cloud Platform will display the realm for your subscription in the default domain name included with your subscription. For example, a default domain name for a website in an Cloud Platform Professional subscription can be examplesite.devcloud.acquia-sites.com.

It seems that the aforementioned (randomly generated subdomains etc.) is true for "Cloud Platform Professional" customers. Enterprise customers seem to have predictably generated subdomains with a different "realm" — the devcloud vs. prod part in the provided URL.

tldr;

"So basically Acquia is not vulnerable or way over edge case."

bayotop avatar Jul 25 '20 11:07 bayotop

What is the CNAME for this service?

whisperer256 avatar Dec 30 '20 05:12 whisperer256

lol (2) txt

FUCKGITHUBS avatar Jan 07 '21 22:01 FUCKGITHUBS

??

Message ID: @.*** com>

FUCKGITHUBS avatar Feb 01 '22 12:02 FUCKGITHUBS

how to get free trial on this service ?

OVERPEY avatar Sep 03 '22 12:09 OVERPEY

Hi I have takeover the a acquia cloud subdomain of Starbucks where I get $640 because the domain was disconnected after free trial so only $640 it is a vulnerable subdomain you can use whatweb tool to see the vulnerable if the content has Acquia HTML install something like this then it is 100% vulnerable one Here is one hackerone disclosed report mine report was not published now but there is one

https://hackerone.com/reports/874482

shopsaver avatar Nov 01 '23 04:11 shopsaver

Hi I have takeover the a acquia cloud subdomain of Starbucks where I get $640 because the domain was disconnected after free trial so only $640 it is a vulnerable subdomain you can use whatweb tool to see the vulnerable if the content has Acquia HTML install something like this then it is 100% vulnerable one Here is one hackerone disclosed report mine report was not published now but there is one

https://hackerone.com/reports/874482

This is just a dangling subdomain not a takeover.

pdelteil avatar Jan 03 '24 23:01 pdelteil