-
-
Notifications
You must be signed in to change notification settings - Fork 724
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pingdom.com Services Are Also Possible To Be Claimed. #144
Comments
Added: - Gemfury EdOverflow#154 - Uberfilp EdOverflow#150 - Agile CRM EdOverflow#145 - Pingdom EdOverflow#144 - Worksites EdOverflow#142
@adiffpirate I believe @manasmbellani is right with his signature in subjack. I did a test with following test cases when I enable public dashboard to stats.masarik.sh (takeoverable cases bold):
As far as I can tell, #159 is addressing the false positive case of 1, and we need to address 3, 4 and 5 instead. Or did you have a different example that would allow to takeover If you want a robust mechanism that errs on the false positive side, you could check for 404 instead. Both cases return 404, and it's a bit more probable that it will continue to work even if they change wording. |
@janmasarik Wow, really nice work testing/documenting that. I created the PR based solely on what I saw at the proof video and the error page that shows up there. Thank you for going the extra mile. I'm gonna create another PR later and update the fingerprint (or you can do that if you wanna) 😊 |
As explained in EdOverflow#144 (comment)
Happy to help @adiffpirate! I've went ahead and made #178 to address this. :-) |
Supposedly, as of at least October (but possibly before that), this no longer works. could someone please check? |
Service name
Pingdom.com
Proof
https://youtu.be/VuIO1l5RL8k
Documentation
https://help.pingdom.com/hc/en-us/articles/205386171-Public-Status-Page
The text was updated successfully, but these errors were encountered: