This post is the write-up about subdomain takeover vulnerable service Worksites that I found back in April 2020. Although this is a paid service, It's possible to create a PoC without having to purchase the service.
Worksites.net is a web service for building websites for contractors and growing businesses, which support custom domains feature.
A record should be pointing to static IP address 188.8.131.52
worksites.melbadry9.xyz. 60 IN A 184.108.40.206
I use the following Nuclei template to check for possible candidates.
name: worksites.net service detection
We should see a similar error page to verify whether the subdomain takeover may be possible.
Vulnerable Subdomain Error Page
To detect a vulnerable subdomain, we use the following fingerprint based on the HTTP response; we confirm whether the subdomain is vulnerable or not.
"Company Not Found",
"Hello! Sorry, but the website you’re looking for doesn’t exist."
I use the following Nuclei template to check for the vulnerable subdomain.
name: worksites.net subdomain takeover
-"Company Not Found"
-"Hello! Sorry, but the website you’re looking for doesn’t exist."