GitHub Subdomain Takeover

Vulnerability ID 1468736 Vulnerability type
Published 2019-02-03 Updated 2019-02-03
Platform N/A CVSS score N/A
What you need:
- Reverse IP (yougetsignal / hackertarget)
- GitHub account (better to use a new account)
- HTTP / HTTPS Status

First, go to Reverse IP, and then enter the GitHub subdomain
*Default is :

Choose the subdomain without 
*Ex :

Check it in HTTP / HTTPS Status
*If the domain status is 404, you can take it over

After you get a 404 domain status, go to your GitHub account
> Create New Repository (The repository name must * ! Don't use http:// or https://)
> Check Public
> Check Initialize this repository with a README
> Create new file
> Write or paste your defacement script (HTML)
> Open Settings (not on the profile)
> Find GitHub Pages, change Source from "None" to "Master Branch"

Last, find GitHub Pages again, and fill in "Custom Domain" with the name of the domain that you hijack (Ex :
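
For the owner of a domain, the condition this procedure depends on (a DNS record still pointing at GitHub Pages while the host answers 404) can be audited from the zone data itself. The following is an added example, not part of the original post: the zone excerpt, `example.com`, the status table and the function names are constructed, and the A-record set is assumed to be GitHub's published Pages addresses, which should be checked against current GitHub documentation.

```python
import re

# Constructed zone excerpt for the placeholder domain example.com.
ZONE = """\
www   3600 IN CNAME example-org.github.io.
docs  3600 IN CNAME example-org.github.io.
blog  3600 IN CNAME hosting.example.net.
old   3600 IN A     185.199.108.153
shop  3600 IN A     203.0.113.10
"""
# Constructed HTTP status per host, as collected by any status checker.
STATUS = {"www.example.com": 200, "docs.example.com": 404,
          "old.example.com": 404, "blog.example.com": 404}

# GitHub Pages apex addresses (assumption: verify against GitHub's docs).
PAGES_IPS = {"185.199.108.153", "185.199.109.153",
             "185.199.110.153", "185.199.111.153"}
RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|CNAME)\s+(\S+)$")

def points_at_pages(rtype, value):
    """True when a record sends traffic to GitHub Pages."""
    if rtype == "CNAME":
        return value.rstrip(".").lower().endswith(".github.io")
    return value in PAGES_IPS

def audit(zone_text, origin, status_by_host):
    """Return (host, type, target, verdict) for every Pages-bound record."""
    findings = []
    for raw in zone_text.splitlines():
        match = RECORD.match(raw.split(";", 1)[0].strip())
        if not match:
            continue
        name, rtype, value = match.groups()
        if not points_at_pages(rtype, value):
            continue
        host = origin if name == "@" else f"{name}.{origin}"
        status = status_by_host.get(host)
        # A 404 on a Pages-bound name may mean no repository claims it.
        verdict = {404: "SUSPECT", None: "UNPROBED"}.get(status, "ok")
        findings.append((host, rtype, value, verdict))
    return findings

if __name__ == "__main__":
    for host, rtype, value, verdict in audit(ZONE, "example.com", STATUS):
        print(f"{verdict:9} {host} {rtype} {value}")
```

Each SUSPECT entry is a record to remove from DNS or to re-attach to a repository the organisation controls; `blog` is skipped because its 404 comes from a host that is not GitHub Pages.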

Thanks to All Indonesia Haxor