Vidoc logo

Module library

All modulesVisit vidocsecurity.com
Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Start for free

Pagewiz subdomain takeover

By kannthu

High
Vidoc logoVidoc Module
#takeover
Description

What is the "Pagewiz subdomain takeover?"

The "Pagewiz subdomain takeover" module is designed to detect a specific misconfiguration vulnerability in the Pagewiz landing page platform. This vulnerability, if exploited, can lead to a subdomain takeover, allowing an attacker to gain control over a subdomain and potentially perform malicious activities.

This module has a severity level of high, indicating the potential impact of the vulnerability if left unaddressed.

This module was authored by brabbit10.

Impact

If a subdomain takeover occurs, an attacker can potentially redirect traffic intended for the affected subdomain to their own malicious website. This can lead to various security risks, such as phishing attacks, malware distribution, or unauthorized access to sensitive information.

How does the module work?

The "Pagewiz subdomain takeover" module works by sending HTTP requests to target websites and analyzing the responses for specific conditions. It uses matching conditions to identify potential misconfigurations that could indicate the presence of the vulnerability.

One of the matching conditions used by this module is checking for specific words in the response, such as "404 - Page Not Found," "Start Your New Landing Page Now!," and "pagewiz." If any of these words are found, it suggests that the target website may be vulnerable to subdomain takeover.

Additionally, the module uses a DSL (Domain Specific Language) condition to check if the host is not an IP address. This helps filter out false positives and focus on potential subdomain takeover scenarios.

By combining these matching conditions, the module can effectively identify websites that may be susceptible to subdomain takeover.

Here is an example of an HTTP request that the module may send:

GET / HTTP/1.1
Host: example.com

This request is used to analyze the response and determine if the target website exhibits the expected behavior indicating a subdomain takeover vulnerability.

It's important to note that this module is just one test case within the Vidoc platform, which utilizes multiple modules to perform comprehensive scanning and detection of various misconfigurations, vulnerabilities, and software fingerprints.

Module preview

Concurrent Requests (0)
Passive global matcher
dsl: Host != ipand
word: 404 - Page Not Found, Start Your New Lan...
On match action
Report vulnerability