Added new provider I came across today - Tilda #19
Conversation
There might be a different case where takeover is possible, e.g. if the project with the domain is deleted but the CNAME is not removed. Couldn't find a valid case or article demonstrating a real takeover.
Thank you very much, @eraymitrani.
I think this case is incomplete since it looks like this was subscription based (suggesting the original account wasn't deleted, just lapsed). What kind of testing did you do around this, @eraymitrani? Beyond testing on the one you discovered, did you try creating/deleting this on another account to see if it was possible? There's a great deal of edge-case takeovers where write-ups aren't found, but which are still possible, and I think before we go outright putting items as not being possible for takeover on this list, all avenues (including creating/deleting an account) should first be explored. Thoughts, @EdOverflow?
In cases like these, @codingo, I usually merge the pull request to get some feedback from others and do my own testing in private. If I or someone else then discovers a way to claim a subdomain pointing to the service in question, I make absolutely sure to update the project accordingly with clear instructions. That being said, I am open to changing my approach and only merging pull requests that we have reviewed comprehensively, including all the edge cases. Would you rather we took that approach from now on, @codingo?
I think it's worth consideration. Potentially a subfolder needs to exist on this site that outlines a standard test case and how much of it was performed? In its current form, if I were to visit this site after seeing a Tilda domain I now wouldn't bother, assuming it was explored. If there was a way to see what kind of testing was already performed, I might see a gap in the logic that others hadn't and find a potential way to exploit it. I'm not certain that's the full solution, but I think seeing a case like this one was enlightening. I quite strongly believe that a Tilda takeover is still potentially possible, and likely wasn't explored fully in this case. Unfortunately, without this issue/thread I would have had no context in the future and simply blindly followed it. Happy to open up a Slack/e-mail dialog with you if you want to explore the idea / discuss an approach further?
Of note - I think solving this also helps with #4
This is a fantastic idea. We could put together a list of test cases and then add a checklist to each project in the README.md file. Something along these lines:
I agree. I think we start with this case in a new pull request. We can then populate the others from known write-ups/experience, and others can help build it out over time. It's late here, but I'm happy to get to this tomorrow if you're swamped.
@eraymitrani, if you can expand on the testing you performed so we can build out the test case. Given this was for a bounty, I'm assuming it wasn't too extensive (and that's totally ok), so I'm happy to perform further testing if needed.
@codingo, I only came across one domain where there was a lapsed subscription. I got a test account and tried to claim it but was stopped because a "project" still existed with that domain name; however, I could claim other unclaimed subdomains under the same domain, which leads me to believe that if for some reason a domain was registered and later the account was deleted without removing the CNAME, it could be possible to take over. Initially I didn't want to spend too much time and potentially money doing more research, but wanted to open a pull request to share what I have already discovered. I'm open to looking into it further together to arrive at a more comprehensive conclusion.
Totally understand, and that makes sense; I would have done the same. Either @EdOverflow or I will add some test cases to the existing takeovers in a couple of days and we can look at building this out further. It's a problem we've faced for a while (as represented in #4), so please don't think I'm picking on this pull request directly - just looking at ways of making things better.
I didn't take it personally. I'd be happy to help test other providers once you guys settle on high-level test cases.
Subfinder pulled me away from this for a couple of days, but know that it's top of my list for tomorrow to get these changes made. Sorry about the delay @EdOverflow @eraymitrani!