Subdoamin Takeover Possible via Intercom Help Center

[MuhammadKhizerJaved]

Intercom Help Center

Proof

If you get an Error Similar to this one that gives 404 Error simply go to https://www.intercom.com/customer-support-software create a new account buy the service or get a free demo for 14 days

Then visit https://app.intercom.io/a/apps/pr1twx7u/articles/site/settings and add the subdomain that's giving error in custom domain field

Turn On the Help Center and Publish a test article also otherwise you won't be able to turn on the help center

after you turn on successfully you'll be the admin of the help center

Documentation

https://www.intercom.com/help/

Thanks 😉

[phoenix-sec]

great khizar <3

[m7mdharoun]

Seems Interested 👍 waiting validation

[snapsecco]

Awesome bro

[ziak2677]

This Issue is vulnerable or not?

(Warning! Domain mapping upgrade for this domain not found. Please log in and go to the Domains Upgrades page of your blog to use this domain.)

If vulnerable then how i takeover through wordpress??
kindly guide.

[janmasarik]

Doesn't seem to work in case the domain is (or maybe was already) taken:

The non-vulnerable page seems to be the same one:

However, it sometimes returns a different error message:

[PjMpire]

Takeover is edge case. A user can claim domain and turn off the helpcenter which then directs to the 404 page. I discovered that the domain can be registered if and when released by the current workspace owner.

[Phoenix1112]

hello bro.. i need help. I'm now a member of the site. I can't find which part of the target subdomain name to enter. please help with this.

which section do I need to enter from here?
@MuhammadKhizerJaved @PjMpire

[PjMpire]

hello bro.. i need help. I'm now a member of the site. I can't find which part of the target subdomain name to enter. please help with this.

which section do I need to enter from here?
@MuhammadKhizerJaved @PjMpire

Articles tab on the left hand side -> settings -> setup the basics

[Phoenix1112]

@PjMpire
Thanks for the help.
now I get an error when I try to register domain address... I get the warning that this domain name has already been taken. I see this image when I enter the target site. can't this subdomain be taken?

[PjMpire]

@Phoenix1112 as i mentioned in my previous post. Takeover is edge case. If the name has been registered but the help center has been disabled, takeover is not possible