Flywheel Subdomain Takeover

What is the "Flywheel Subdomain Takeover?"

The "Flywheel Subdomain Takeover" module is designed to detect a specific misconfiguration vulnerability related to the Flywheel hosting platform. Flywheel is a popular hosting service used by many websites. This module focuses on identifying instances where a subdomain hosted by Flywheel can be taken over by an unauthorized party.

This module has a severity level of high, indicating that if the vulnerability is present, it can potentially lead to unauthorized access or control over the affected subdomain.

This module was authored by smaranchand.

Impact

If a subdomain hosted by Flywheel is vulnerable to takeover, an attacker could potentially gain control over the subdomain. This can lead to various malicious activities, such as defacement, data theft, or redirecting traffic to malicious websites.

How the module works?

The "Flywheel Subdomain Takeover" module works by sending HTTP requests to the target website and analyzing the response. It looks for specific patterns in the response body that indicate the presence of a Flywheel-hosted page that suggests a potential subdomain takeover.

One example of a matching condition is the presence of the following text in the response body:

We're sorry, you've landed on a page that is hosted by Flywheel
<h1>Oops! That's not the site<br>you're looking for.</h1>

If this or other defined patterns are found, the module will report a potential vulnerability.

It's important to note that this module is specifically designed to detect misconfigurations related to Flywheel subdomains and does not perform any actual subdomain takeover.

For more information, you can refer to the reference article by smaranchand.