Vercel Takeover

[brianlam38]

Template Information:

Subdomain takeover through Vercel is possible though limited to edge cases. See reference here.

Nuclei Template:

id: vercel-takeover

info:
  name: vercel takeover detection
  author: brianlam38
  severity: high
  reference:
    - https://github.com/EdOverflow/can-i-take-over-xyz/issues/183
  tags: takeover,vercel
  metadata:
    max-request: 1

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - Host != ip

      - type: word
        part: body
        words:
          - "The deployment could not be found on Vercel"

Redacted template result:

[INF] [vercel-takeover] Dumped HTTP request for {redacted}

GET / HTTP/1.1
Host: {redacted}
User-Agent: {redacted}
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[DBG] [vercel-takeover] Dumped HTTP response {redacted}

HTTP/1.1 404 Not Found
Connection: close
Content-Length: 67
Content-Type: text/plain; charset=utf-8
Date: Tue, 27 Jun 2023 23:16:14 GMT
Server: Vercel
X-Vercel-Error: DEPLOYMENT_NOT_FOUND
X-Vercel-Id: {redacted}

The deployment could not be found on Vercel.

[DhiyaneshGeek]

Hi @brianlam38 thank you so much for sharing this template with the community and contributing to this project 🍻

You can join our discord server. It's a great place to connect with fellow contributors and stay updated with the latest developments. Thank you once again