🤯
Mazin
  • 🤔INTRODUCTION
    • Whoami
  • ☀️Notes
    • Leaked Credentials
    • IIS
    • CMS
    • pentesting4arabs
    • 2FA Bypass
    • Android
    • Monitor CVEs
    • Shodan Queries
    • Sites & Repos for bug hunting
    • Sites for scanning & etc
  • 🔥CTFS
    • Sites to solve Ctfs
    • HTB Apoc 2023
  • 💸Bug Bounty Writeups
    • Origin IP Access WAF Bypass
    • My First Big Bounty
    • Exposed Docker Registry
    • Squarespace Subdomain Takeover
Powered by GitBook
On this page
  1. Bug Bounty Writeups

Squarespace Subdomain Takeover

PreviousExposed Docker Registry

Last updated 10 months ago

The target scope was *.target.net So the first thing I did was enumerating subdomains with finder and passing the subs to httpx as below:

subfinder -d target.net | httpx -td -sc -title -location

td : technology detect

sc: status code

title: page title

location: the location if there's a redirect

Anyway one subdomain got my attention

https://6hgtf6xacpkrbp4w5tda.brandportal.target.net [404] [] [Squarespace - Domain Not Claimed] [Squarespace,Squarespace Commerce]

The first thing I did was Going to to check if Squarespace is vulnerable but sadly; it wasn't.

I searched if there's another good resource on google and came accross this report on Hackerone which was like my case but unfortunately they closed it as N/A :) .

💸
https://github.com/EdOverflow/can-i-take-over-xyz
https://hackerone.com/reports/1527405