Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vercel-takeover.yaml is a false positive template #10076

Closed
pich4ya opened this issue Jun 19, 2024 · 0 comments · Fixed by #10159
Closed

vercel-takeover.yaml is a false positive template #10076

pich4ya opened this issue Jun 19, 2024 · 0 comments · Fixed by #10159
Assignees
@DhiyaneshGeek
Labels
Done Ready to merge false-positive Nuclei template reporting invalid/unexpected result

Comments

@pich4ya
Copy link

pich4ya commented Jun 19, 2024
edited
Loading

Nuclei Version:

v3.2.9

Template file:

http/takeovers/vercel-takeover.yaml

Command to reproduce:

nuclei vulnerable.domain
[...]
[vercel-takeover] [http] [high] https://example.vulnerable.domain

Anything else:

The Vercel domain takeover is not possible anymore without the ability to add/modify DNS record of a victim domain.

Vercel has added Domain verification with DNS TXT record "_vercel" https://vercel.com/docs/projects/domains/add-a-domain#configure-the-domain as discussed in EdOverflow/can-i-take-over-xyz#183.
@pich4ya pich4ya added the false-positive Nuclei template reporting invalid/unexpected result label Jun 19, 2024
@DhiyaneshGeek DhiyaneshGeek linked a pull request Jul 1, 2024 that will close this issue
Delete http/takeovers/vercel-takeover.yaml #10159
Merged
2 tasks
@DhiyaneshGeek DhiyaneshGeek added the Done Ready to merge label Jul 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DhiyaneshGeek DhiyaneshGeek

Labels
Done Ready to merge false-positive Nuclei template reporting invalid/unexpected result
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Delete http/takeovers/vercel-takeover.yaml projectdiscovery/nuclei-templates
2 participants
@pich4ya @DhiyaneshGeek