-
-
Notifications
You must be signed in to change notification settings - Fork 724
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Subdomain Takeover through Webflow #44
Comments
Thank you for the update, can you please show the initial screenshot of "404" page |
I can confirm that it is not vulnerable anymore, |
Webflow sites are still vulnerable to takeover so you may want to change this Just had a report triaged to confirm. regards |
Can you please share steps to takeover subdomain through webflow. |
-Create webflow account and upgrade to basic paid option -Signature of takeover is webflow 404 same as OP. Takeover is not possible when owner parked the custom domain but not published the site. This scenario would still produce a webflow 404 therefore can be marked as edge case. Regards |
Thank you for the update. |
Interesting. I had a "404 Not Found" response on a webflow website but I was still not able to complete the takeover. I would receive the following error: "That domain is already connected to a Webflow site." Mind sharing more information without disclosing the target? @PjMpire |
@0xc0ffeee If the custom domain is registered but the site is not published you will see webflow 404 page but be unable to register the domain. In this scenario you will get a false positive hence my advice to update this to edge case. |
https://university.webflow.com/lesson/connect-a-custom-domain everybody,can see this vdio~ |
Hi everyone, Just manage to takeover several subdomains on the same target (H1 private prgm) and I have a theory explaining some false positive. I observed a webflow 404 on several subdomains of my target:
Webflow let me add these subdomains on my dummy website but unfortunately, when I visit them, still got webflow 404. I thought it was false positive. Several days later, I remember that Webflow allow to mark one of your custom domain "default": So if the subdomains I discovered are linked to another "default" one, I will only be able to takeover all if I found the "default" subdomain. I'm on this target since of few month so I manage to quickly found a past webflow subdomain zzz.victim.com (Now unreachable but still in victim.com webflow account). So I added this subdomain on my own webflow account and the magic happened. So try to see if your target has several subdomains (even old one, no more online) linked to Webflow. |
@szd, Thanks for your detailed explanation. |
I just confirmed here, I managed to claim domains in a pentest. |
I was able to claim a dangling Webflow subdomain just now; CNAME pointed from Apparently, this is a pay2win Subdomain Takeover :p |
<p title=” </noscript>
<style onload= alert(document.domain)//"> *{/*all*/color/*all*/:/*all*/#f78fb3/*all*/;} </style>
.qmbox .qmbox .qmbox *{color:#f78fb3;}
|
hi dude if target.dom.com is showing valid content and its cname is giving 404 can it be taken over??? |
I just took over a sub-domain with webflow. It works but requires a premium plan ! It's a paid sub-domain takeover ;) |
same here still vulnerable if you have a premium account |
Yes, Webflow is vulnerable. I did takeover one subdomain using it and published a write-up on this vulnerability |
I recently reported a takeover on a program at intigriti using Webflow , but you have to buy a premium inorder to achieve this. |
hey guys @PjMpire @saurabhss06 @bunny0417 lets say this page on the domain the same error comes and i have cross checked it is of the webflow only, |
I don't think its vulnerable or takeorable, Its a custom page. |
Any updates on this takeover ??? Is this still possible ??? I'm experiencing enforced requirement for mandatory TXT verification !! |
hey guys @PjMpire @saurabhss06 @bunny0417 do you have any idea, Is it possible to takeover this anymore? If anyone can confirm, it'll be very helpful to the community. Thanks in advance. |
Does it still vulnerable? |
Hi any update on this |
Hi guys is this still edge case or it is not vulnerable anymore can anyone confirm |
??? |
I just tried doing takeover and i can confirm it is not vulnerable anymore . All the options it gives to add custom domain asks for txt verification , Thus NOT VULNERABLE |
Hi, It's not vulnerable, I just tried, it will ask for txt verification |
This hasn't been tested, because you need a paid account. See EdOverflow/can-i-take-over-xyz#44 for more details.
Hey buddy please help me it's my first time to check takeover could i get webflow credentials to just check custom domain is adding or not can any body help me |
Hey buddy please help me it's my first time to check takeover could i get webflow credentials to just check custom domain is adding or not can any body help me |
+1 I am also in search for credentials for testing :| |
@KAFILTAFISH21 @usmanzahid123999 Webflow subdomain takeover not possible anymore , read the above comments ! |
Service name
webflow
Website
https://webflow.com/
Report
https://hackerone.com/reports/399165
Subdomain takeover through webflow is possible but for creating POC you need a paid account because webflow need a paid account for creating subdomains and using web hosting through webflow.
The text was updated successfully, but these errors were encountered: