Domain name registration rules

waike · October 7, 2019, 11:28pm

I’ve come across a broken link in a target web app. The link is broken due to a missing slash (/).

The result is an href pointing to www.target.comhttp/blablabla. In order to exploit this, I’ll have to register a .comhttp domain. Is this in any way possible?

theOneWhoHacks · October 9, 2019, 9:37am

comhttp TLD is not open availanle for registration.
Theoritically u may:
1- apply for the tld with ICAN.
2- DNS poison ur victim
3- mangle with ur victim hosts file

stefanofinding · October 9, 2019, 6:38pm

Can you manipulate the value?

waike · October 10, 2019, 3:27pm

Ah, too bad. I’d just read about broken link hijacking, and I thought this could be an interesting bug. I can’t manipulate the value, it’s a static page.

Topic		Replies	Views
Am I on the verge of my first bug found? Starter Zone	5	2087	May 16, 2018
Need Help or Guidance on Potential Bug Web Hacking	8	1811	May 29, 2019
Xss inside Param tag Web Hacking	5	1580	February 13, 2020
Link rel=canonical XSS exploitation Web Hacking	4	6367	January 4, 2019
Trying for xss! Starter Zone	2	1547	May 15, 2021

Domain name registration rules

Related Topics