Subdomain Takeover

Subdomain takeover is the process of registering a currently unclaimed (non-existent) host name that a victim's subdomain still points to, thereby gaining control over that subdomain.

Vulnerability Name: Subdomain takeover on [Domain name]

Vulnerability Description: Subdomain Takeover is a type of vulnerability that appears when an organization has configured a DNS CNAME entry for one of its subdomains pointing to an external service (e.g. Heroku, GitHub, Bitbucket, Desk, Squarespace, Shopify, etc.) but the service is no longer utilized by that organization. An attacker could register with the external service and claim the affected subdomain.

Here, xyz.xxxxxxx.com points to a third-party service hosted on xxy.com. You can confirm the CNAME by running the command below (the trailing 8.8.8.8 sends the query to Google's public resolver instead of your local one):

nslookup xxx.xxxxxxxxxxxx.xxx 8.8.8.8

[or]

Go to ping.eu and do a DNS lookup there.
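The manual nslookup check above scales poorly across a large zone. The following is an added example (not part of the original report template) of the same check automated for an asset inventory: it walks each subdomain's CNAME chain, flags targets that no longer resolve, and marks those that sit under a known third-party hosting suffix as takeover candidates to triage first. All DNS data is constructed so the script runs offline; the provider suffix list and the `example.com` names are assumptions for illustration, and a live audit would replace `fake_resolver` with a real lookup.

```python
"""Audit an inventory of subdomains for dangling CNAME records.

Added example for this report template, not part of the original page.
The DNS data below is constructed so the script runs offline; swap
`fake_resolver` for a live lookup (dig/nslookup wrapper or dnspython)
when auditing a real zone.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Hosting suffixes of the external services named in the report.
# Assumed list for illustration; extend it from your own asset inventory.
THIRD_PARTY_SUFFIXES = (
    ".herokuapp.com",
    ".github.io",
    ".bitbucket.io",
    ".desk.com",
    ".squarespace.com",
    ".myshopify.com",
)

# A resolver answers a name with its record sets, or None on NXDOMAIN.
Resolver = Callable[[str], Optional[Dict[str, List[str]]]]

# Constructed zone data standing in for live DNS (example.com/example.net are
# reserved documentation domains; 192.0.2.x is the TEST-NET-1 range).
# old-shop is the dangling case: its CNAME target no longer exists at the
# provider, so that name returns NXDOMAIN.
FAKE_DNS: Dict[str, Dict[str, List[str]]] = {
    "www.example.com": {"A": ["192.0.2.10"]},
    "blog.example.com": {"CNAME": ["example-blog.herokuapp.com"]},
    "example-blog.herokuapp.com": {"A": ["192.0.2.20"]},
    "old-shop.example.com": {"CNAME": ["retired-store.myshopify.com"]},
    "cdn.example.com": {"CNAME": ["assets.cdn.example.net"]},
    "loop-a.example.com": {"CNAME": ["loop-b.example.com"]},
    "loop-b.example.com": {"CNAME": ["loop-a.example.com"]},
}


def fake_resolver(name: str) -> Optional[Dict[str, List[str]]]:
    """Offline stand-in for DNS: unknown names behave like NXDOMAIN."""
    return FAKE_DNS.get(name.lower().rstrip("."))


def is_third_party(target: str) -> bool:
    """True if the CNAME target lives under a known external hosting suffix."""
    t = target.lower().rstrip(".")
    return any(t.endswith(suffix) for suffix in THIRD_PARTY_SUFFIXES)


@dataclass
class Finding:
    name: str
    status: str  # ok | nxdomain | dangling | takeover-candidate | loop | too-deep
    chain: List[str] = field(default_factory=list)
    note: str = ""


def audit_name(name: str, resolve: Resolver, max_hops: int = 8) -> Finding:
    """Follow the CNAME chain of `name` and classify where it ends."""
    chain = [name]
    current = name
    for _ in range(max_hops):
        rrset = resolve(current)
        if rrset is None:
            if current == name:
                return Finding(name, "nxdomain", chain, "name itself does not exist")
            # The chain ends at a name nobody answers for: a dangling record.
            status = "takeover-candidate" if is_third_party(current) else "dangling"
            return Finding(name, status, chain, f"CNAME target {current} does not resolve")
        cname = rrset.get("CNAME")
        if not cname:
            return Finding(name, "ok", chain, "resolves to " + ", ".join(rrset.get("A", [])))
        current = cname[0]
        chain.append(current)
        if chain.count(current) > 1:
            return Finding(name, "loop", chain, "CNAME loop")
    return Finding(name, "too-deep", chain, f"more than {max_hops} CNAME hops")


def audit_inventory(names: List[str], resolve: Resolver = fake_resolver) -> List[Finding]:
    return [audit_name(n, resolve) for n in names]


def remediation(finding: Finding) -> str:
    """Action the zone owner should take for each finding class."""
    return {
        "takeover-candidate": "re-claim the name at the provider or delete the CNAME record",
        "dangling": "delete or repoint the CNAME record",
        "loop": "fix the CNAME loop",
    }.get(finding.status, "no action")


if __name__ == "__main__":
    inventory = [n for n in FAKE_DNS if n.endswith(".example.com")]
    for f in audit_inventory(inventory):
        print(f"{f.name:<22} {f.status:<19} {' -> '.join(f.chain)}  [{remediation(f)}]")
```

The status split matters for triage: a dangling record whose target is under a self-service provider suffix is the case the report describes, because anyone can register that name there, while a dangling target on an unknown domain still warrants cleanup but carries a different risk.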

Proof-of-concept: Snapshots or video link attached.

Impact:

  1. Phishing.

  2. Company impersonation.

  3. Business loss to the company.

Attack Scenario: [Create your own attack scenario according to the workflow of the website]

Remediation: Remove the dangling CNAME record, or re-claim that subdomain at the service provider.