Subdomain takeover using https://tilda.cc/ #155
Labels
vulnerable
Someone has provided proof in the issue ticket that one can hijack subdomains on this service.
Comments
EdOverflow
added
the
vulnerable
|
I just took over one Tilda domain. This is the error message
|
|
I found one with another error message "Please renew your subscription". In this case is not possible to take over the subdomain.
|
pdelteil
added a commit
to pdelteil/nuclei-templates
that referenced
this issue
May 7, 2021
This update is based on this issue EdOverflow/can-i-take-over-xyz#155
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Service name
https://tilda.cc/
Proof
https://hackerone.com/reports/894657
Documentation
Subdomains which are pointing to tilda.cc,and has a unclaimed DNS record are vulnerable for subdomain-takeover.
Reference
https://help.tilda.ws/customdomain#:~:text=Navigate%20to%20the%20Site%20Settings,in%20the%20right%20upper%20corner.
The text was updated successfully, but these errors were encountered: