
uptimerobot takeover detection

By kannthu

Low
Vidoc Module
#takeover
Description

What is the "uptimerobot takeover detection?"

The "uptimerobot takeover detection" module is designed to detect potential takeover vulnerabilities involving UptimeRobot. UptimeRobot is a popular monitoring service used to check the availability and performance of websites and servers. This module focuses on identifying misconfigurations or vulnerabilities that could allow an attacker to take control of a custom domain or subdomain that has been pointed at UptimeRobot.

This module has a low severity level, indicating that the impact of a successful takeover may be limited. However, it is still important to address any identified vulnerabilities to prevent potential exploitation.

The original author of this module is pdteam.

Impact

A successful takeover of a custom domain or subdomain in UptimeRobot could allow an attacker to gain unauthorized access or control over the affected website or server. This could lead to various security risks, such as data breaches, defacement, or unauthorized modifications.

How does the module work?

The "uptimerobot takeover detection" module works by sending a single HTTP request to the target and evaluating the response against predefined matching conditions. It combines a DSL (Domain Specific Language) expression, a regex (regular expression) and a status-code check; all three conditions must hold for a match.

The DSL condition, `Host != ip`, requires that the target was addressed by a hostname rather than by its bare IP address. This filters out scans of raw IP targets, where a dangling DNS record (the precondition for a domain or subdomain takeover) cannot be present.

The regex condition checks the response body against the anchored pattern `^page not found$`, which matches only when the body consists of exactly that phrase. This is the placeholder UptimeRobot serves for a custom domain that is no longer claimed by an account, so it indicates a potential misconfiguration that could be exploited for a takeover.

The module also checks for a status code of 404 (Not Found), which is commonly associated with missing or non-existent pages. Because the conditions are joined with "and", the 404 on its own reports nothing; it must coincide with the placeholder body and a hostname target before a vulnerability is reported.

By analyzing the HTTP responses against these matching conditions, the module can provide insights into the security posture of domains pointed at UptimeRobot and help identify records that require attention.
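To make the three conditions concrete, here is an added Python sketch that evaluates them against constructed sample responses. It is not Vidoc's or the module's own code; the `HttpResponse` class, the sample hosts, IPs and bodies are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass

# Matching conditions as listed in the module preview on this page.
PAGE_NOT_FOUND = re.compile(r"^page not found$")
EXPECTED_STATUS = 404


@dataclass
class HttpResponse:
    """Minimal view of one probe response (constructed for the example)."""
    host: str    # hostname the request was addressed to (Host header)
    ip: str      # address that hostname resolved to
    status: int  # HTTP status code of the response
    body: str    # response body as text


def host_is_not_ip(host: str, ip: str) -> bool:
    """DSL condition `Host != ip`: target was given by name, not by address."""
    return host != ip


def body_is_placeholder(body: str) -> bool:
    """Regex condition: the whole body must be exactly 'page not found'.
    fullmatch mirrors the anchored pattern applying to the entire body."""
    return PAGE_NOT_FOUND.fullmatch(body) is not None


def uptimerobot_takeover_match(resp: HttpResponse) -> bool:
    """All three matchers are joined with 'and', as in the module preview."""
    return (
        host_is_not_ip(resp.host, resp.ip)
        and body_is_placeholder(resp.body)
        and resp.status == EXPECTED_STATUS
    )


def flagged_hosts(responses: list[HttpResponse]) -> list[str]:
    """Return the hosts for which the module would report a vulnerability."""
    return [r.host for r in responses if uptimerobot_takeover_match(r)]


# Constructed sample responses (RFC 5737 documentation addresses, example.* hosts).
SAMPLES = [
    HttpResponse("status.example.com", "203.0.113.10", 404, "page not found"),
    HttpResponse("203.0.113.10", "203.0.113.10", 404, "page not found"),
    HttpResponse("www.example.com", "203.0.113.11", 404, "<h1>Page not found</h1>"),
    HttpResponse("status.example.net", "203.0.113.12", 200, "page not found"),
    HttpResponse("old.example.org", "203.0.113.13", 404, "page not found\n"),
]

if __name__ == "__main__":
    print(flagged_hosts(SAMPLES))  # only status.example.com meets all three conditions
```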

Reference:

- https://exploit.linuxsec.org/uptimerobot-com-custom-domain-subdomain-takeover/
- https://github.com/EdOverflow/can-i-take-over-xyz/issues/45

Metadata:

max-request: 1

Module preview

Concurrent Requests (0)

Passive global matcher (all conditions joined with "and"):

- dsl: Host != ip
- regex: ^page not found$
- status: 404

On match action: Report vulnerability