Sprintful Takeover

ID: sprintful-takeover

Severity: high

Author: Mhdsamx

Tags: takeover,sprintful

Description

Sprintful takeover was detected.

YAML Source

id: sprintful-takeover

info:
  name: Sprintful Takeover
  author: Mhdsamx
  severity: high
  description: Sprintful takeover was detected.
  metadata:
    max-request: 1
  tags: takeover,sprintful

http:
  - method: GET
    path:
      - '{{BaseURL}}'

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - Host != ip

      - type: word
        words:
          - 'The user account associated with this calendar has been deactivated.'
          - 'Please contact the owner of this calendar directly in order to book a meeting.'
          - 'This domain name does not have a default page configured.'
        condition: or

      - type: word
        words:
          - "Sprintful"

      - type: status
        status:
          - 200

    extractors:
      - type: dsl
        dsl:
          - cname
# digest: 4b0a00483046022100d425e65fcde3abed6b7f0bfeb6d10c16a0b090fdac389f211d2ee56ac675f57d022100b9a6b13ff702336431cc88619f00e6d9ff0c2e38cf9db5a9f2fe02bce39374be:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/takeovers/sprintful-takeover.yaml"

View on Github