Subdomain Takeover Possible via Landingi #117

messi96 · 2019-09-20T16:08:09Z

Service name

Landingi

Landingi is Vulnerable to Subdomain Takeover
If you get an Error Similar to this one

$ cat aelfjj1or81uegj9ea8z31zro.html
<!-- PoC by username -->

Add the subdomain under Domains in the left pane.
Subdomain gets successfully verified if it is unclaimed or has dangling CNAME records ( cname.landingi.com. )
On the selected landing page click MORE “...” to expand the list of available actions
Select “PUBLISHING OPTIONS” on the dropdown And then “CHANGE URL” if you want to.
Choose your domain from the list and add a path to it if needed.
Save changes & Publish!
Enjoy your leads.

Thanks :)

The text was updated successfully, but these errors were encountered:

0xElmalky · 2020-08-07T09:55:20Z

Hello Is this case still vulnerable ?

adityathebe · 2021-01-03T05:20:42Z

This is an edge case. Needs to be verified manually

kcnewb1e · 2021-02-26T22:18:52Z

this is error from landingi to?

ahmedameenaim · 2021-02-28T13:30:58Z

@adityathebe Is there a way to bypass it ?

pdelteil · 2021-06-04T20:50:17Z

I confirm is not possible to take over the subdomains.

Nikhil28-09-04 · 2024-09-17T07:07:02Z

Will this be vulnerable?? @pdelteil

EdOverflow added the vulnerable Someone has provided proof in the issue ticket that one can hijack subdomains on this service. label May 18, 2020

GDATTACKER-RESEARCHER mentioned this issue Sep 4, 2020

fingerprint addition needed PushpenderIndia/subdover#2

Closed

pdelteil mentioned this issue Jun 4, 2021

[false-positive] landingi-takeover projectdiscovery/nuclei-templates#1629

Closed