Squarespace Subdomain Takeover

The target scope was *.target.net, so the first thing I did was enumerate subdomains with subfinder and pass the subs to httpx as below:

subfinder -d target.net | httpx -td -sc -title -location

td: technology detect

sc: status code

title: page title

location: the location if there's a redirect

Anyway, one subdomain got my attention:

https://6hgtf6xacpkrbp4w5tda.brandportal.target.net [404] [] [Squarespace - Domain Not Claimed] [Squarespace,Squarespace Commerce]

The first thing I did was go to https://github.com/EdOverflow/can-i-take-over-xyz to check if Squarespace is vulnerable, but sadly it wasn't.

I searched Google for another good resource and came across this report on HackerOne https://hackerone.com/reports/1527405, which was like my case, but unfortunately they closed it as N/A :).
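
An added example, not part of the original write-up: a small Python parser for httpx output in the layout of the sample line above, for flagging hosts in your own inventory that serve the "Squarespace - Domain Not Claimed" page. The field order (status, location, title, technologies) is assumed from that one line, and every sample line except the first is constructed.

```python
import re
from urllib.parse import urlsplit

ANSI_RE = re.compile(r"\x1b\[[0-9;]*m")  # httpx colours its output on a terminal
FIELD_RE = re.compile(r"\[([^\]]*)\]")   # one bracketed field; "[]" yields ""
# Assumption: field order as in the sample line quoted on this page.
FIELDS = ("status", "location", "title", "tech")
MARKER = "domain not claimed"            # title text from that sample line

def parse_httpx_line(line):
    """Return a dict for one output line, or None if it does not fit the layout."""
    line = ANSI_RE.sub("", line).strip()  # strip colours first: they contain "["
    url, _, rest = line.partition(" ")
    values = FIELD_RE.findall(rest)
    if not url.startswith(("http://", "https://")) or len(values) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, values))
    rec["url"] = url
    rec["host"] = urlsplit(url).hostname
    rec["status"] = int(rec["status"]) if rec["status"].isdigit() else None
    rec["tech"] = [t.strip() for t in rec["tech"].split(",") if t.strip()]
    return rec

def unclaimed_squarespace(lines):
    """(host, status) pairs whose title has the marker and whose tech is Squarespace."""
    hits = []
    for line in lines:
        rec = parse_httpx_line(line)
        if rec is None:
            continue  # banner lines, errors, anything not in the expected layout
        on_squarespace = any(t.lower().startswith("squarespace") for t in rec["tech"])
        if on_squarespace and MARKER in rec["title"].lower():
            hits.append((rec["host"], rec["status"]))
    return hits

# First line is the one quoted on this page; the others are constructed samples.
SAMPLE = [
    "https://6hgtf6xacpkrbp4w5tda.brandportal.target.net [404] [] [Squarespace - Domain Not Claimed] [Squarespace,Squarespace Commerce]",
    "https://www.target.net [200] [] [Home] [Nginx]",
    "https://shop.target.net [301] [https://www.target.net/shop] [] [Squarespace]",
    "\x1b[32mhttps://old.target.net\x1b[0m [\x1b[31m404\x1b[0m] [] [Squarespace - Domain Not Claimed] [Squarespace]",
    "not an httpx line",
]

if __name__ == "__main__":
    for host, status in unclaimed_squarespace(SAMPLE):
        print(f"{host}\t{status}\treview the DNS record for this host")
```

A title that itself contains "]" would split into extra fields and be skipped, so treat an empty result as "nothing matched this layout", not as proof that no host is affected.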
