Monday, 20 July 2020

Subdomain Takeover using readthedocs

Hello World!

Not a fancy blog post, but I just discovered that subdomain takeover is possible for "readthedocs."

What is a subdomain takeover?
It is best explained here. https://github.com/EdOverflow/can-i-take-over-xyz

What is "readthedocs"?
Read the Docs is an open-sourced free software documentation hosting platform. It generates documentation written with the Sphinx documentation generator.

How do I check for subdomain takeover over?

Any subdomain pointing to "readthedocs" but not claimed would throw an error like in the screenshot below.




How to takeover?
1. Signup at https://readthedocs.org and click on Admin settings
2. Add the repository https://github.com/readthedocs/template.git or fork the repository if you wish to make any changes.
3. Add your repository at "Repository URL:"



4. Click on "Domains" in admin settings and add the domain.




Takeover!

P.S I wrote this blog because I didn't find it mentioned at https://github.com/EdOverflow/can-i-take-over-xyz







2 comments:

Unknown said...

I found the similar issue a few days back, here it is https://www.deathflash.ml/blog/subdomain-takeover-readthedocs

Shashank said...

Ahh, nice. I didn't find it on google. Seems like someone else was here before. :D