Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cargo Collective Subdomain Takeover #152

Open
z3dc0ps opened this issue Jun 18, 2020 · 14 comments
Open

Cargo Collective Subdomain Takeover #152

z3dc0ps opened this issue Jun 18, 2020 · 14 comments
Labels
question Further information is requested

Comments

@z3dc0ps
Copy link

z3dc0ps commented Jun 18, 2020

Some Help with Cargo Collective Subdomain Takeover
@z3dc0ps z3dc0ps changed the title Some Help with Cargo Collective Subdomain Takeover Cargo Collective Subdomain Takeover Jun 18, 2020
@EdOverflow EdOverflow added the question Further information is requested label Feb 3, 2021
@PRADEEP0703
Copy link

404 not found how i taken subdomain

@sabir789
Copy link

Hi
How we can takeover corgocollective subdomain?
any resource?
i have found 3 subdomain that point to corgocollective.

@mothiesms
Copy link

Hi
i found 404 NOT FOUND error how i takeover the subdomain****

@adsh13
Copy link

adsh13 commented Mar 26, 2023

bro how to takeover cargo subdomain i got error please answer mi bro

@notmarshmllow
Copy link

  1. I tired to signup up on https://cargo.site/
  2. Selected a new template for my site and entered a random.cargo.site
  3. On my website editor page, clicked on Settings button and selected Connect and Existing Domain Name.
  4. However, my target was not vulnerable as after entering my target domain name as custom domain, it showcased - Domain name already in use by blah blah site error.

Hope this helps incase this is the right method.

@Cyber-Watch-Dog
Copy link

Can anyone help with the Cargo Collective subdomain?

@Wakhungila
Copy link

  1. I tired to signup up on https://cargo.site/
  2. Selected a new template for my site and entered a random.cargo.site
  3. On my website editor page, clicked on Settings button and selected Connect and Existing Domain Name.
  4. However, my target was not vulnerable as after entering my target domain name as custom domain, it showcased - Domain name already in use by blah blah site error.

Hope this helps incase this is the right method.

I think cargo collective needs payment before you can add a domain

@BearClaw96
Copy link

the problem is with the DNS configuration , after you purchase the Service and buy a subscription you have to point the subdomain to your POC page that you created on Cargo which you cant do that because you dont have access to the dns configuration of the subdomain or thats what i think ? Correct me if i am wrong!

@ndalezios
Copy link

ndalezios commented Aug 31, 2024
edited
Loading

Thanks for your reply. I deleted my previous comment, because I did not want to spam/trash this comment section. What happened is that subzy tool reported a false positive cargo domain/subdomain which after checking DNS records is not. But what concerns me is how this happened (the false positive). How did the signature match with this subdomain? I believe that the signature is wrong. Maybe Cargo changed it...

@pdelteil
Copy link
Contributor

pdelteil commented Aug 31, 2024 via email

@ghbfgb
Copy link

ghbfgb commented Sep 2, 2024

it was asking payments to add a existing domain

@BearClaw96
Copy link

This replay for You >> ghbfgb
Yes, i know that and i purchased the subscription and i was able to add the subdomain but there is a problem because you want the subdomain to point to the Cargo url which you need to do that through DNS config and to be able to control that and you can't since you dont really own this subdomain and there is no way you can control that.

@BilalAhmadKhanKhattak
Copy link

Don't use that tool for subdomain takeovers, use nuclei templates much easier to detect false positives.

On Sat, Aug 31, 2024, 13:36 Nikos Dalezios @.> wrote: Thanks for your reply. I deleted my previous comment, because I did not want to spam/trash this comment section. What happened is that subzy tool reported a false positive cargo domain/subdomain which after checking DNS records is not. But what concerns me is how this happened (the false positive). How did the signature match with this subdomain? — Reply to this email directly, view it on GitHub <#152 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AE2OS73PLNENW5FH2YTXQBTZUIEKTAVCNFSM4OBFYKA2U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TEMZSGMYDAOJYHA2A . You are receiving this because you are subscribed to this thread.Message ID: @.>

THanks for the NUCLEI suggestion!

@mohammed19990
Copy link

Is this available now, I got a subdomain but it's asking for $17/year if I buy it, is it a Takeover or does it ask for TXT?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests