Github Subdomain Takeover - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1468736 漏洞类型
发布时间 2019-02-03 更新时间 2019-02-03
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019020028
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
What you need :
- Reverse IP (yougetsignal / hackertarget)
- Github Account (Better use new account)
- HTTP / HTTPS Status

First, go to Reverse IP , and then write github subdomain
*Default is : grab.github.io

Choose the subdomain without .github.io 
*Ex : myexploit.github.io

Check in HTTP / HTTPS Status
*If the domain status is 404 , you can takeover it

After you got 404 domain status, go to your github account
> Create New Repository (The repository name must *myexploit.com ! Don't use http:// or https://)
> Checklist Public
> Checklist Initialize this repository with a README
> Create new file
> Write or paste your defacement script (HTML)
> Open setting (not on profile)
> Search Github Page, change Source from "None" to "Master Branch"

Last, search Github Page again, and write "Custom Domain" with name of domain that you hijack (Ex : myexploit.com)

Thank's to All Indonesia Haxor